rmtsys: Don't overflow pathname buffer
authorSimon Wilkinson <sxw@your-file-system.com>
Sat, 2 Mar 2013 10:15:10 +0000 (10:15 +0000)
committerJeffrey Altman <jaltman@your-file-system.com>
Thu, 7 Mar 2013 15:54:31 +0000 (07:54 -0800)
When we're constructing a homedirectory path to look for the
.AFSSERVER file in, we copy the HOME environment variable into a
static buffer, with a risk of overflowing that buffer.

Instead of using a static buffer, just allocate one with asprintf.

Caught by coverity (#985910)

Change-Id: I2daa5613609f2c09712b12a7ce7e59b1c0028ef2
Reviewed-on: http://gerrit.openafs.org/9392
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>

src/sys/rmtsysc.c

index 29c8996..2b16e22 100644 (file)
@@ -68,10 +68,14 @@ GetAfsServerAddr(char *syscall)
            fgets(server_name, 128, fp);
            fclose(fp);
        } else {
-           char pathname[256];
+           char *pathname;
 
-           sprintf(pathname, "%s/%s", home_dir, ".AFSSERVER");
+           asprintf(&pathname, "%s/%s", home_dir, ".AFSSERVER");
+           if (pathname == NULL)
+               return 0;
            fp = fopen(pathname, "r");
+           free(pathname);
+
            if (fp == 0) {
                /* Our last chance is the "/.AFSSERVER" file */
                fp = fopen("/.AFSSERVER", "r");