auth: Fix buffer overflow in afsconf_Open
author Simon Wilkinson <sxw@your-file-system.com>
Tue, 26 Feb 2013 22:27:25 +0000 (22:27 +0000)
committer Stephan Wiesand <stephan.wiesand@desy.de>
Tue, 3 Jun 2014 16:17:29 +0000 (12:17 -0400)
commit 13515489cbfd138d221d54bdedc4bf44ff24778e
tree 3804eeba7b122b1d40834ff4026a102c33d9309b
parent 2ae05022bfd083f2095565636ab0251ff5204a85
auth: Fix buffer overflow in afsconf_Open

If we fall back to the .AFSCONF file in the user's home directory,
the results of getenv("HOME") are copied into a fixed length string,
without checking for overflows.

Instead of risking this, just use asprintf to dynamically construct
a string, and free it when we are done.

Caught by Coverity (#985905)

Reviewed-on: http://gerrit.openafs.org/9292
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 41d9ea697bf5e81e5003ad7b208788223c25536b)

Change-Id: I5b8664328dd0d397cbe459ff1e7667e63afc31e2
Reviewed-on: http://gerrit.openafs.org/11019
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/auth/cellconfig.c
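
The pattern the commit message describes, as an added C example that is not the OpenAFS code from this commit: the function names and buffer sizes are hypothetical, and snprintf sizing plus malloc stands in for asprintf (a GNU/BSD extension) so the block builds on any C99 toolchain. The second function shows the alternative when a fixed buffer must be kept: detect the over-long HOME value and fail.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CONF_NAME ".AFSCONF"   /* file name taken from the commit message */

/* Hypothetical helper (not OpenAFS code): build "<home>/.AFSCONF" on the
 * heap, sized from the input. Returns NULL on bad input or allocation
 * failure; the caller frees the result. */
char *home_conf_path(const char *home)
{
    if (home == NULL || *home == '\0')
        return NULL;
    int need = snprintf(NULL, 0, "%s/%s", home, CONF_NAME);
    if (need < 0)
        return NULL;
    char *path = malloc((size_t)need + 1);
    if (path != NULL)
        snprintf(path, (size_t)need + 1, "%s/%s", home, CONF_NAME);
    return path;
}

/* Hypothetical fixed-buffer variant: report an over-long value as an error
 * instead of overflowing (strcpy/sprintf) or silently truncating.
 * Returns 0 on success, -1 on error. */
int home_conf_path_fixed(const char *home, char *out, size_t outlen)
{
    if (home == NULL || *home == '\0' || out == NULL || outlen == 0)
        return -1;
    int n = snprintf(out, outlen, "%s/%s", home, CONF_NAME);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* HOME comes from the environment, so its length is caller-controlled. */
    char *path = home_conf_path(getenv("HOME"));
    if (path == NULL) {
        fprintf(stderr, "HOME unset or allocation failed\n");
        return 1;
    }
    printf("%s\n", path);
    free(path);
    return 0;
}
```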