volser: Don't overflow volume name
authorSimon Wilkinson <sxw@your-file-system.com>
Sat, 2 Mar 2013 09:47:53 +0000 (09:47 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Thu, 7 Mar 2013 15:52:58 +0000 (07:52 -0800)
The maximum volume name length in the VLDB RPCs is VL_MAXNAMELEN
(65), not 64 as used as a hardcoded value in vsprocs. Switch to
using the defined value, and also use strlcat to check that we
don't overflow this.

Caught by coverity (#985849)

Change-Id: I860d4bd4ed9a22185f4a83408d163ce20d21e751
Reviewed-on: http://gerrit.openafs.org/9352
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/volser/vsprocs.c

index 7af0d9f..043aa42 100644 (file)
@@ -3014,7 +3014,7 @@ GetTrans(struct nvldbentry *vldbEntryPtr, afs_int32 index,
 
     /* If the volume does not exist, create it */
     if (!volid || code) {
-       char volname[64];
+       char volname[VL_MAXNAMELEN];
         char hoststr[16];
 
        if (volid && (code != VNOVOL)) {
@@ -3023,7 +3023,16 @@ GetTrans(struct nvldbentry *vldbEntryPtr, afs_int32 index,
            goto fail;
        }
 
-       strcpy(volname, vldbEntryPtr->name);
+       strlcpy(volname, vldbEntryPtr->name, sizeof(volname));
+
+       if (strlcat(volname,
+                   tmpVolId?".roclone":".readonly",
+                   sizeof(volname)) >= sizeof(volname)) {
+           code = ENOMEM;
+           PrintError("Volume name is too long\n", code);
+           goto fail;
+       }
+
        if (tmpVolId)
            strcat(volname, ".roclone");
        else