afsmonitor: Fix theoretical overflow of handler string
authorSimon Wilkinson <sxw@your-file-system.com>
Sat, 2 Mar 2013 12:00:47 +0000 (12:00 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Sun, 10 Mar 2013 03:15:45 +0000 (19:15 -0800)
Don't do an unbounded copy into the thresh structure's handler
string, in case the caller has passed us a string which is too
long.

Instead, switch to strlcpy for all string copies.

Caught by coverity (#985761)

Change-Id: I80e3d35d7a9a4b57e8efc0cb0c7b2dc12f021063
Reviewed-on: http://gerrit.openafs.org/9443
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/afsmonitor/afsmonitor.c

index 9ba8b38..b617ecd 100644 (file)
@@ -989,10 +989,12 @@ store_threshold(int a_type,               /* 1 = fs , 2 = cm */
            for (j = 0; j < tmp_host->numThresh; j++) {
                if ((threshP->itemName[0] == '\0')
                    || (strcasecmp(threshP->itemName, a_varName) == 0)) {
-                   strncpy(threshP->itemName, a_varName,
-                           THRESH_VAR_NAME_LEN);
-                   strncpy(threshP->threshVal, a_value, THRESH_VAR_LEN);
-                   strcpy(threshP->handler, a_handler);
+                   strlcpy(threshP->itemName, a_varName,
+                           sizeof(threshP->itemName));
+                   strlcpy(threshP->threshVal, a_value,
+                           sizeof(threshP->threshVal));
+                   strlcpy(threshP->handler, a_handler,
+                           sizeof(threshP->handler));
                    threshP->index = index;
                    done = 1;
                    break;
@@ -1044,9 +1046,9 @@ store_threshold(int a_type,               /* 1 = fs , 2 = cm */
     for (i = 0; i < tmp_host->numThresh; i++) {
        if ((threshP->itemName[0] == '\0')
            || (strcasecmp(threshP->itemName, a_varName) == 0)) {
-           strncpy(threshP->itemName, a_varName, THRESH_VAR_NAME_LEN);
-           strncpy(threshP->threshVal, a_value, THRESH_VAR_LEN);
-           strcpy(threshP->handler, a_handler);
+           strlcpy(threshP->itemName, a_varName, sizeof(threshP->itemName));
+           strlcpy(threshP->threshVal, a_value, sizeof(threshP->threshVal));
+           strlcpy(threshP->handler, a_handler, sizeof(threshP->handler));
            threshP->index = index;
            done = 1;
            break;