kauth: Don't overflow stack when building username
authorSimon Wilkinson <sxw@your-file-system.com>
Sat, 2 Mar 2013 09:35:01 +0000 (09:35 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Sun, 10 Mar 2013 03:13:39 +0000 (19:13 -0800)
knfs constructs the userName by combining the clientName.name
and clientName.instance arrays, along with a dot separator. Make
sure that the userName array is big enough to hold these, and
use strlcpy and strlcat just to make sure.

Caught by coverity (#985829)

Change-Id: I75431212c8464861a26546c9e47d13acbff08967
Reviewed-on: http://gerrit.openafs.org/9351
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/kauth/knfs.c

index 81a03d6..6289829 100644 (file)
@@ -99,7 +99,7 @@ GetTokens(afs_int32 ahost, afs_int32 auid)
     int maxLen;                        /* biggest ticket we can copy */
     int tktLen;                        /* server ticket length */
     time_t tokenExpireTime;
-    char UserName[16];
+    char UserName[MAXKTCNAMELEN + MAXKTCNAMELEN];
     struct ktc_token token;
     struct ktc_principal clientName;
     time_t current_time;
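Review bot: The new size `MAXKTCNAMELEN + MAXKTCNAMELEN` on the `UserName` declaration is right only by an unstated piece of arithmetic, so it deserves a comment. Assuming `clientName.name` and `clientName.instance` are each `MAXKTCNAMELEN` bytes including their terminator (the struct definition is not in this hunk), the two spare terminator bytes are what pay for the '.' separator and the final NUL, leaving no slack. I would add `/* name + '.' + instance + NUL: fits exactly when each part is < MAXKTCNAMELEN chars */` above the declaration, so that a later change to the separator or to either field does not quietly bring truncation back. GetTokens begins and ends outside this hunk.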
@@ -186,10 +186,10 @@ GetTokens(afs_int32 ahost, afs_int32 auid)
                strlcpy(clientName.cell, tp, sizeof(clientName.cell));
 
                tokenExpireTime = token.endTime;
-               strcpy(UserName, clientName.name);
+               strlcpy(UserName, clientName.name, sizeof(UserName));
                if (clientName.instance[0] != 0) {
-                   strcat(UserName, ".");
-                   strcat(UserName, clientName.instance);
+                   strlcat(UserName, ".", sizeof(UserName));
+                   strlcat(UserName, clientName.instance, sizeof(UserName));
                }
                if (UserName[0] == 0)
                    printf("Tokens");
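Review bot: `strlcpy` and `strlcat` bound only the writes into `UserName`; both still walk the source to its NUL, so the three new calls are safe only if `clientName.name` and `clientName.instance` are always terminated inside their own arrays. The code that fills those two fields is outside this hunk (only the bounded copy into `clientName.cell` is visible), so it is worth confirming they are populated with the same kind of terminating copy. The return values are also discarded, so any truncation would be silent. If the buffer size is ever decoupled from the field sizes, a check such as `if (strlcat(UserName, clientName.instance, sizeof(UserName)) >= sizeof(UserName))` with a diagnostic would make it visible.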