Reallocate memory in aklog for the AFS ID string

aklog was previously writing the magic AFS ID string into previously
alloated memory with sprintf, but the variable in question was only
as long as the username, so this code could overwrite memory and lead
to heap corruption.  Free previously allocated memory and use
afs_asprintf to format the AFS ID string instead.

Change-Id: I7649864817340764c39c176606a9a543c10983c9
Reviewed-on: http://gerrit.openafs.org/1706
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Simon Wilkinson <sxw@inf.ed.ac.uk>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index cd994c6..43cd846 100644 (file)
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -1100,7 +1100,12 @@ auth_to_cell(krb5_context context, char *cell, char *realm, char **linkedcell)
             */
 
            if ((status == 0) && (viceId != ANONYMOUSID)) {
-               sprintf(username, "AFS ID %d", (int) viceId);
+               free(username);
+               if (afs_asprintf(&username, "AFS ID %d", (int) viceId) < 0) {
+                   status = ENOMEM;
+                   username = NULL;
+                   goto out;
+               }
            }
        }