From d2d749ec0c656d6e4c595a5f8c93b164a6cf911b Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Fri, 8 Mar 2013 16:15:51 +0000
Subject: [PATCH] bos: Remove theoretical overflow in DateOf

DateOf copies the results of ctime into a static buffer. Typically
ctime will return a 26 byte string, but if you pass it a year larger
than 9999 (which we shouldn't), you can get a 32 (or more) byte string.

Get rid of this unlikely event by using strlcpy for the copy. We already
truncate at 24 bytes when we remove the \n, so this shouldn't cause any
further problems.

Really, this whole thing should be rewritten to use strftime.

Caught by coverity (#985776)

Reviewed-on: http://gerrit.openafs.org/9551
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 8b76110e23160e33716234f9560d22ca5275cb0a)

Change-Id: I47bdadf0159c12d747040765d28e6e8908678fd1
Reviewed-on: http://gerrit.openafs.org/10862
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/bozo/bos.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/bozo/bos.c b/src/bozo/bos.c
index 7b02d15cf..3f1282b39 100644
--- a/src/bozo/bos.c
+++ b/src/bozo/bos.c
@@ -146,14 +146,13 @@ GetPartitionID(char *aname)
 
 /* make ctime easier to use */
 static char *
-DateOf(afs_int32 atime)
+DateOf(time_t atime)
 {
     static char tbuffer[30];
     char *tp;
-    time_t t = (time_t) atime;
-    tp = ctime(&t);
+    tp = ctime(&atime);
     if (tp) {
-	strcpy(tbuffer, tp);
+	strlcpy(tbuffer, tp, sizeof(tbuffer));
 	tbuffer[24] = 0;	/* get rid of new line */
     } else
 	strcpy(tbuffer, "BAD TIME");
-- 
2.39.5