aklog: Fix overflows in auth_to_path

In the auth_to_path routine, don't use strcpy and strcat when
working with the fixed length pathtocheck buffer. Instead, use
strlcpy and strlcat to ensure that all string operations fit within
the buffer limits.

Caught by coverity (#985762)

Change-Id: I66ae11e1f49c66574d457fd79e97dd647ac98a73
Reviewed-on: http://gerrit.openafs.org/9444
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index 22df70d..038eece 100644 (file)
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -1317,7 +1317,7 @@ auth_to_path(krb5_context context, const char *config, char *path)
 
     /* Initialize */
     if (path[0] == DIR)
-       strcpy(pathtocheck, path);
+       strlcpy(pathtocheck, path, sizeof(pathtocheck));
     else {
        if (getcwd(pathtocheck, sizeof(pathtocheck)) == NULL) {
            fprintf(stderr, "Unable to find current working directory:\n");
@@ -1326,15 +1326,15 @@ auth_to_path(krb5_context context, const char *config, char *path)
            exit(AKLOG_BADPATH);
        }
        else {
-           strcat(pathtocheck, DIRSTRING);
-           strcat(pathtocheck, path);
+           strlcat(pathtocheck, DIRSTRING, sizeof(pathtocheck));
+           strlcat(pathtocheck, path, sizeof(pathtocheck));
        }
     }
     next_path(pathtocheck);
 
     /* Go on to the next level down the path */
     while ((nextpath = next_path(NULL))) {
-       strcpy(pathtocheck, nextpath);
+       strlcpy(pathtocheck, nextpath, sizeof(pathtocheck));
        afs_dprintf("Checking directory %s\n", pathtocheck);
        /*
         * If this is an afs mountpoint, determine what cell from