git://git.openafs.org / openafs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch (parent: 2116674)
bos: Don't overflow cellname buffer
authorSimon Wilkinson <sxw@your-file-system.com>
Fri, 8 Mar 2013 13:01:28 +0000 (13:01 +0000)
committerDerrick Brashear <shadow@your-file-system.com>
Tue, 12 Mar 2013 13:51:37 +0000 (06:51 -0700)
Don't overflow the fixed sized cellname buffer when copying the
information in from the command line - instead, just use a
dynamically allocated buffer.

Caught by coverity (#985775)

Change-Id: If87b1ba9bcb990d3145a89627e212144cd78f5a0
Reviewed-on: http://gerrit.openafs.org/9549
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

src/bozo/bos.c patch | blob | history

diff --git a/src/bozo/bos.c b/src/bozo/bos.c
index 34c4fd3..5e951a9 100644 (file)
--- a/src/bozo/bos.c
+++ b/src/bozo/bos.c
@@ -788,8 +788,6 @@ AddKey(struct cmd_syndesc *as, void *arock)
     afs_int32 code;
     struct ktc_encryptionKey tkey;
     afs_int32 temp;
-    char *tcell;
-    char cellBuffer[256];
     char buf[BUFSIZ], ver[BUFSIZ];
 
     tconn = GetConn(as, 1);
@@ -824,22 +822,29 @@ AddKey(struct cmd_syndesc *as, void *arock)
 */
        strcpy((char *)&tkey, buf);
     } else {                   /* kerberos key */
+       char *tcell;
        if (as->parms[ADDPARMOFFSET].items) {
-           strcpy(cellBuffer, as->parms[ADDPARMOFFSET].items->data);
+           tcell = strdup(as->parms[ADDPARMOFFSET].items->data);
+           if (tcell == NULL) {
+               fprintf(stderr, "bos: Unable to allocate memory for cellname\n");
+               exit(1);
+           }
 
            /* string to key needs upper-case cell names */
 
            /* I don't believe this is true.  The string to key function
             * actually expands the cell name, then LOWER-CASES it.  Perhaps it
             * didn't use to??? */
-           ucstring(cellBuffer, cellBuffer, strlen(cellBuffer));
-           tcell = cellBuffer;
+           ucstring(tcell, tcell, strlen(tcell));
        } else
            tcell = NULL;       /* no cell specified, use current */
 /*
        ka_StringToKey(as->parms[1].items->data, tcell, &tkey);
 */
        ka_StringToKey(buf, tcell, &tkey);
+
+       if (tcell)
+           free(tcell);
     }
     code = BOZO_AddKey(tconn, temp, ktc_to_bozoptr(&tkey));
     if (code) {
OpenAFS Master Repository