kauth: Fix overflow when writing ticket file

[openafs.git] / src / kauth / krb_tf.c

diff --git a/src/kauth/krb_tf.c b/src/kauth/krb_tf.c
index ed48dd5..1ccb767 100644 (file)
--- a/src/kauth/krb_tf.c
+++ b/src/kauth/krb_tf.c
@@ -48,20 +48,11 @@
 #include <afs/param.h>
 
 #include <roken.h>
+#include <afs/opr.h>
 
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef AFS_NT40_ENV
-#include <io.h>
-#else
-#include <sys/file.h>
-#endif
-#include <string.h>
-#include <sys/types.h>
 #include <rx/xdr.h>
-#include <errno.h>
 #include <afs/auth.h>
+
 #include "kauth.h"
 #include "kautils.h"
 #include "kauth_internal.h"
@@ -69,7 +60,6 @@
 afs_int32
 krb_write_ticket_file(char *realm)
 {
-    char ticket_file[AFSDIR_PATH_MAX];
     int fd;
     int count;
     afs_int32 code;
@@ -92,10 +82,15 @@ krb_write_ticket_file(char *realm)
      * back upon /tmp/tkt(uid}.
      */
     if ((tf_name = (char *)getenv("KRBTKFILE")))
-       (void)sprintf(ticket_file, "%s", tf_name);
-    else
-       (void)sprintf(ticket_file, "%s/tkt%d", gettmpdir(), getuid());
-    fd = open(ticket_file, O_WRONLY + O_CREAT + O_TRUNC, 0700);
+       fd = open(tf_name, O_WRONLY | O_CREAT | O_TRUNC, 0700);
+    else {
+       asprintf(&tf_name, "%s/tkt%d", gettmpdir(), getuid());
+       if (tf_name == NULL)
+           return ENOMEM;
+       fd = open(tf_name, O_WRONLY | O_CREAT | O_TRUNC, 0700);
+       free(tf_name);
+    }
+
     if (fd <= 0)
        return errno;