auth: Fix buffer overflow in afsconf_Open
authorSimon Wilkinson <sxw@your-file-system.com>
Tue, 26 Feb 2013 22:27:25 +0000 (22:27 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Wed, 27 Feb 2013 20:40:09 +0000 (12:40 -0800)
commit41d9ea697bf5e81e5003ad7b208788223c25536b
tree3b0173392bd26d03173575b9702a07d766fb8360
parentdebf43714b0f00fa00a0ef3384e098de78d28ed6
auth: Fix buffer overflow in afsconf_Open

If we fallback to the .AFSCONF file in the user's homedirectory,
the results of getenv("HOME") are copied into a fixed length string,
without checking for overflows.

Instead of risking this, just use asprintf to dynamically construct
a string, and free it when we are done.

Caught by coverity (#985905)

Change-Id: Id8769ede841165d3ff3104143e55767d550d6f87
Reviewed-on: http://gerrit.openafs.org/9292
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
src/auth/cellconfig.c