From: Simon Wilkinson <sxw@your-file-system.com>
Date: Sat, 31 Mar 2012 10:58:01 +0000 (-0400)
Subject: cmd: Use strl* rather than strn* to avoid overrun
X-Git-Tag: openafs-stable-1_8_0pre1~2600
X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=9a007a9df43645b63a8b642029b4931928f9268b

cmd: Use strl* rather than strn* to avoid overrun

The NName function was using strncat(a, b, sizeof(a)), which doesn't
work as you would expect if 'a' already contains data. To avoid the
potential buffer overflow, switch to just using strlcat.

Caught by clang-analyzer

Change-Id: Idd2c630c07a93b27e8d629339589aa6686290eae
Reviewed-on: http://gerrit.openafs.org/7092
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
---

diff --git a/src/cmd/cmd.c b/src/cmd/cmd.c
index 90fa470..f5282a3 100644
--- a/src/cmd/cmd.c
+++ b/src/cmd/cmd.c
@@ -42,9 +42,8 @@ NName(char *a1, char *a2)
     if (strlen(a1) == 0) {
         return "";
     } else {
-        strncpy(tbuffer, a1, sizeof(tbuffer));
-        strncat(tbuffer, a2, sizeof(tbuffer));
-        tbuffer[sizeof(tbuffer)-1]='\0';
+        strlcpy(tbuffer, a1, sizeof(tbuffer));
+        strlcat(tbuffer, a2, sizeof(tbuffer));
         return tbuffer;
     }
 }