From e49026b294d3b625baba2a91dab65e3d2e0050a7 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Sat, 2 Mar 2013 12:15:22 +0000
Subject: [PATCH] aklog: Protect against overflows from cmdline

The cell, realm and path arrays are populated based on the user's
command line, and xlog_path is populated from their passwd map
entry. Protect against all of these overflowing, by making suitable
use of strlcpy and strlcat.

Caught by coverity (#985764, #985904)

Reviewed-on: http://gerrit.openafs.org/9446
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 2902ef93976fd4baa1a1ed07f4940c5979702856)

Change-Id: I1c8b72aa087902e45cef758844193949471170c5
Reviewed-on: http://gerrit.openafs.org/11060
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/aklog/aklog.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index 283b22067..056713a23 100644
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -1556,7 +1556,7 @@ main(int argc, char *argv[])
 		  (strcmp(argv[i], "-c") == 0)) && !pmode)
 	    if (++i < argc) {
 		cmode++;
-		strcpy(cell, argv[i]);
+		strlcpy(cell, argv[i], sizeof(cell));
 	    }
 	    else
 		usage();
@@ -1576,7 +1576,7 @@ main(int argc, char *argv[])
 		  (strcmp(argv[i], "-p") == 0)) && !cmode)
 	    if (++i < argc) {
 		pmode++;
-		strcpy(path, argv[i]);
+		strlcpy(path, argv[i], sizeof(path));
 	    }
 	    else
 		usage();
@@ -1587,11 +1587,11 @@ main(int argc, char *argv[])
 	    if (strchr(argv[i], DIR) || (strcmp(argv[i], ".") == 0) ||
 		(strcmp(argv[i], "..") == 0)) {
 		pmode++;
-		strcpy(path, argv[i]);
+		strlcpy(path, argv[i], sizeof(path));
 	    }
 	    else {
 		cmode++;
-		strcpy(cell, argv[i]);
+		strlcpy(cell, argv[i], sizeof(path));
 	    }
 	}
 	else
@@ -1601,7 +1601,7 @@ main(int argc, char *argv[])
 	    if (((i + 1) < argc) && (strcmp(argv[i + 1], "-k") == 0)) {
 		i+=2;
 		if (i < argc)
-		    strcpy(realm, argv[i]);
+		    strlcpy(realm, argv[i], sizeof(realm));
 		else
 		    usage();
 	    }
@@ -1681,8 +1681,8 @@ main(int argc, char *argv[])
 	    FILE *f;
 	    char fcell[100], xlog_path[512];
 
-	    strcpy(xlog_path, pwd->pw_dir);
-	    strcat(xlog_path, "/.xlog");
+	    strlcpy(xlog_path, pwd->pw_dir, sizeof(xlog_path));
+	    strlcat(xlog_path, "/.xlog", sizeof(xlog_path));
 
 	    if ((stat(xlog_path, &sbuf) == 0) &&
 		((f = fopen(xlog_path, "r")) != NULL)) {
-- 
2.39.5