If the filename passed to open_file was larger than MAXPATHLEN-5,
then we'd overflow the oldName buffer when creating the backup
filename. Fix the overflow by using a malloc'd buffer instead.
Caught by coverity (#985767)
Change-Id: Ie364aae0749b3658ab11a354844878d10c6970ab
Reviewed-on: http://gerrit.openafs.org/9448
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
open_file(const char *fileName)
{
int tempfd, flags;
- char oldName[MAXPATHLEN];
+ char *oldName;
#ifndef AFS_NT40_ENV
struct stat statbuf;
} else
#endif
{
- strcpy(oldName, fileName);
- strcat(oldName, ".old");
+ asprintf(&oldName, "%s.old", fileName);
+ if (oldName == NULL) {
+ printf("Warning: Unable to create backup filename. Auditing ignored\n");
+ return 1;
+ }
rk_rename(fileName, oldName);
flags = O_WRONLY | O_TRUNC | O_CREAT;
+ free(oldName);
}
tempfd = open(fileName, flags, 0666);
if (tempfd > -1) {