From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sun, 13 Jan 2008 15:32:24 +0000 (+0000)
Subject: cmd-nname-20080113
X-Git-Tag: BP-openafs-windows-kdfs-ifs~205
X-Git-Url: http://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=d5811091995b78d65e891b134aa0ad6955bbc30c

cmd-nname-20080113

LICENSE MIT

Nname() is used to concatenate two strings and is frequently used with
the first string being the name of the executable perhaps with a full
path.  The static buffer specified is too small for a full path and
there was no protection against writing beyond the end of it.
---

diff --git a/src/cmd/cmd.c b/src/cmd/cmd.c
index b0e504b..2699272 100644
--- a/src/cmd/cmd.c
+++ b/src/cmd/cmd.c
@@ -40,13 +40,14 @@ static char initcmd_opcode[] = "initcmd";	/*Name of initcmd opcode */
 static char *
 NName(char *a1, char *a2)
 {
-    static char tbuffer[80];
+    static char tbuffer[300];
     if (strlen(a1) == 0) {
-	return "";
+        return "";
     } else {
-	strcpy(tbuffer, a1);
-	strcat(tbuffer, a2);
-	return tbuffer;
+        strncpy(tbuffer, a1, sizeof(tbuffer));
+        strncat(tbuffer, a2, sizeof(tbuffer));
+        tbuffer[sizeof(tbuffer)-1]='\0';
+        return tbuffer;
     }
 }