From 8c664a8c0f25e472bd3ba30f31fbbf707fa4e873 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Sat, 2 Mar 2013 12:55:18 +0000 Subject: [PATCH] auth: Catch long cells in backwards compat code ktc_SetTokenEx can fall back to calling the SetToken pioctl when the kernel module doesn't support the newer call. When we do this, we have to transform the token structure into the older format. Catch tokens whose cells are too long to be represented in the older format, and bail with KTC_INVAL, rather than overflowing the array. Caught by coverity (#985770) Change-Id: Ibaa1cc92c494cc6f4e56ebe7b16109d4558db131 Reviewed-on: http://gerrit.openafs.org/9449 Tested-by: BuildBot Reviewed-by: Derrick Brashear
---
 src/auth/ktc.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/auth/ktc.c b/src/auth/ktc.c
index 4df513dc6..9500ec835 100644
--- a/src/auth/ktc.c
+++ b/src/auth/ktc.c
@@ -356,7 +356,11 @@ ktc_SetTokenEx(struct ktc_setTokenData *token) {
 memset(&server, 0, sizeof(server));
 strcpy(server.name, "afs");
- strcpy(server.cell, token->cell);
+ if (strlcpy(server.cell, token->cell, sizeof(server.cell))
+ >= sizeof(server.cell)) {
+ free(rxkadToken);
+ return KTC_INVAL;
+ }
 code = ktc_SetToken(&server, rxkadToken, &client, flags);
 free(rxkadToken);
 return code;
--
2.39.5
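Review bot: The new length check in ktc_SetTokenEx carries no comment saying why an overlong cell is rejected rather than truncated, and the reason is worth recording: a silently truncated cell name would presumably hand ktc_SetToken a different cell than the caller asked for. I would add above the `if`: `/* The legacy SetToken format has a fixed-size cell field; reject names that do not fit rather than truncate them. */`. strlcpy() still reads token->cell up to its terminator to compute the return value, so the check assumes the pointer is non-NULL and NUL-terminated; whether that is validated earlier cannot be seen here, because the function body starts outside the hunk. The added error path repeats `free(rxkadToken)`, so if further exits are added to this fallback a single cleanup label would keep the release in one place.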