libadmin: Don't overflow volume name

The maximum volume name length in the VLDB RPCs is VL_MAXNAMELEN
(65), not 64 as used as a hardcoded value in vsprocs. Switch to
using the defined value, and also use strlcat to check that we
don't overflow this.

Caught by coverity (#985849)

Change-Id: Idde2cf8362bbd48538fafcd8c8d98e1f71cc15e1
Reviewed-on: http://gerrit.openafs.org/9353
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

diff --git a/src/libadmin/vos/vsprocs.c b/src/libadmin/vos/vsprocs.c
index 52a4b72..d5f6f6e 100644 (file)
--- a/src/libadmin/vos/vsprocs.c
+++ b/src/libadmin/vos/vsprocs.c
@@ -1323,14 +1323,18 @@ GetTrans(afs_cell_handle_p cellHandle, struct nvldbentry *vldbEntryPtr,
 
     /* If the volume does not exist, create it */
     if (!volid || tst) {
-       char volname[64];
+       char volname[VL_MAXNAMELEN];
 
        if (volid && (tst != VNOVOL)) {
            goto fail_GetTrans;
        }
 
-       strcpy(volname, vldbEntryPtr->name);
-       strcat(volname, ".readonly");
+       strlcpy(volname, vldbEntryPtr->name, sizeof(volname));
+       if (strlcat(volname, ".readonly", sizeof(volname))
+               >= sizeof(volname)) {
+           tst = ENOMEM;
+           goto fail_GetTrans;
+       }
 
        tst =
            AFSVolCreateVolume(*connPtr, vldbEntryPtr->serverPartition[index],