From 95cd5b1d950ecb820179e4279b8570d8ad6780f5 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Sat, 2 Mar 2013 12:00:47 +0000
Subject: [PATCH] afsmonitor: Fix theoretical overflow of handler string

Don't do an unbounded copy into the thresh structure's handler string, in case the caller has passed us a string which is too long. Instead, switch to strlcpy for all string copies. Caught by coverity (#985761)
Change-Id: I80e3d35d7a9a4b57e8efc0cb0c7b2dc12f021063
Reviewed-on: http://gerrit.openafs.org/9443
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
---
 src/afsmonitor/afsmonitor.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/afsmonitor/afsmonitor.c b/src/afsmonitor/afsmonitor.c
index 9ba8b3889..b617ecdc8 100644
--- a/src/afsmonitor/afsmonitor.c
+++ b/src/afsmonitor/afsmonitor.c
@@ -989,10 +989,12 @@ store_threshold(int a_type, /* 1 = fs , 2 = cm */
 for (j = 0; j < tmp_host->numThresh; j++) {
 if ((threshP->itemName[0] == '\0')
 || (strcasecmp(threshP->itemName, a_varName) == 0)) {
- strncpy(threshP->itemName, a_varName,
- THRESH_VAR_NAME_LEN);
- strncpy(threshP->threshVal, a_value, THRESH_VAR_LEN);
- strcpy(threshP->handler, a_handler);
+ strlcpy(threshP->itemName, a_varName,
+ sizeof(threshP->itemName));
+ strlcpy(threshP->threshVal, a_value,
+ sizeof(threshP->threshVal));
+ strlcpy(threshP->handler, a_handler,
+ sizeof(threshP->handler));
 threshP->index = index;
 done = 1;
 break;
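Review bot: The three strlcpy() calls in this loop discard the return value, so a source string longer than its destination is now stored silently truncated rather than rejected. For `handler` that means the threshold can carry a string other than the one the caller supplied, and a truncated `itemName` will no longer compare equal under the `strcasecmp(threshP->itemName, a_varName)` test on a later call for the same variable. Consider checking each copy, e.g. `if (strlcpy(threshP->handler, a_handler, sizeof(threshP->handler)) >= sizeof(threshP->handler))` followed by an error report and a failure return, before `done = 1` is set. The same applies to the second loop at line 1046; store_threshold's body starts and ends outside both hunks, so how its callers handle a failure return needs confirming.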
@@ -1044,9 +1046,9 @@ store_threshold(int a_type, /* 1 = fs , 2 = cm */
 for (i = 0; i < tmp_host->numThresh; i++) {
 if ((threshP->itemName[0] == '\0')
 || (strcasecmp(threshP->itemName, a_varName) == 0)) {
- strncpy(threshP->itemName, a_varName, THRESH_VAR_NAME_LEN);
- strncpy(threshP->threshVal, a_value, THRESH_VAR_LEN);
- strcpy(threshP->handler, a_handler);
+ strlcpy(threshP->itemName, a_varName, sizeof(threshP->itemName));
+ strlcpy(threshP->threshVal, a_value, sizeof(threshP->threshVal));
+ strlcpy(threshP->handler, a_handler, sizeof(threshP->handler));
 threshP->index = index;
 done = 1;
 break;
-- 
2.39.5
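Review bot: `sizeof(threshP->itemName)`, `sizeof(threshP->threshVal)` and `sizeof(threshP->handler)` give the buffer length only while those members are declared as char arrays; the structure's declaration is not part of this patch, and the old `THRESH_VAR_NAME_LEN` / `THRESH_VAR_LEN` bounds suggest an array for the first two but show nothing for `handler`. If a member were ever changed to a pointer, these calls would compile unchanged and copy at most `sizeof(char *)` bytes. A short comment above the copies would record the dependency: `/* itemName, threshVal and handler must stay fixed-size arrays: sizeof() is the copy bound */`. The enclosing function continues outside the hunk.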