If we fall back to the .AFSCONF file in the user's home directory,
the results of getenv("HOME") are copied into a fixed-length string,
without checking for overflows.
Instead of risking this, just use asprintf to dynamically construct
a string, and free it when we are done.
Caught by Coverity (#985905)
Change-Id: Id8769ede841165d3ff3104143e55767d550d6f87
Reviewed-on: http://gerrit.openafs.org/9292
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
fgets(afs_confdir, 128, fp);
fclose(fp);
} else {
- char pathname[256];
+ char *pathname = NULL;
+
+ asprintf(&pathname, "%s/%s", home_dir, ".AFSCONF");
+ if (pathname == NULL) {
+ free(tdir);
+ UNLOCK_GLOBAL_MUTEX;
+ return (struct afsconf_dir *) 0;
+ }
- sprintf(pathname, "%s/%s", home_dir, ".AFSCONF");
fp = fopen(pathname, "r");
+ free(pathname);
+
if (fp == 0) {
/* Our last chance is the "/.AFSCONF" file */
fp = fopen("/.AFSCONF", "r");
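Review bot: the asprintf() call at the top of the added lines has its return value discarded, and failure is detected only through `pathname == NULL`. On failure asprintf returns -1, and glibc documents the contents of the output pointer as undefined in that case, so the `= NULL` initialiser does not guarantee the check fires. The following `fopen(pathname, "r")` and `free(pathname)` could then act on an indeterminate pointer. Suggest testing the return value instead, e.g. `if (asprintf(&pathname, "%s/%s", home_dir, ".AFSCONF") < 0)`, with the same cleanup (free(tdir), UNLOCK_GLOBAL_MUTEX, return 0) in that branch, and setting pathname back to NULL there if it is referenced again.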