From 2902ef93976fd4baa1a1ed07f4940c5979702856 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Sat, 2 Mar 2013 12:15:22 +0000
Subject: [PATCH] aklog: Protect against overflows from cmdline

The cell, realm and path arrays are populated based on the user's command line, and xlog_path is populated from their passwd map entry. Protect against all of these overflowing, by making suitable use of strlcpy and strlcat.
Caught by coverity (#985764, #985904)
Change-Id: Ia8f1816b010eb2b85b537e156de2b7983e4626ba
Reviewed-on: http://gerrit.openafs.org/9446
Reviewed-by: Derrick Brashear
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
---
 src/aklog/aklog.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index a77616d..cc77753 100644
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -1532,7 +1532,7 @@ main(int argc, char *argv[])
 (strcmp(argv[i], "-c") == 0)) && !pmode)
 if (++i < argc) {
 cmode++;
- strcpy(cell, argv[i]);
+ strlcpy(cell, argv[i], sizeof(cell));
 }
 else
 usage();
@@ -1552,7 +1552,7 @@ main(int argc, char *argv[])
 (strcmp(argv[i], "-p") == 0)) && !cmode)
 if (++i < argc) {
 pmode++;
- strcpy(path, argv[i]);
+ strlcpy(path, argv[i], sizeof(path));
 }
 else
 usage();
@@ -1568,11 +1568,11 @@ main(int argc, char *argv[])
 if (strchr(argv[i], DIR) || (strcmp(argv[i], ".") == 0) || (strcmp(argv[i], "..") == 0)) {
 pmode++;
- strcpy(path, argv[i]);
+ strlcpy(path, argv[i], sizeof(path));
 }
 else {
 cmode++;
- strcpy(cell, argv[i]);
+ strlcpy(cell, argv[i], sizeof(path));
 }
 }
 else
@@ -1582,7 +1582,7 @@ main(int argc, char *argv[])
 if (((i + 1) < argc) && (strcmp(argv[i + 1], "-k") == 0)) {
 i+=2;
 if (i < argc)
- strcpy(realm, argv[i]);
+ strlcpy(realm, argv[i], sizeof(realm));
 else
 usage();
 }
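Review bot: The return value of `strlcpy` is ignored at `strlcpy(cell, argv[i], sizeof(cell));`, so an over-long `-c` argument is now silently truncated and the program carries on with a cell name the user did not type. Since these values select the cell, realm and path that aklog acts on, rejecting the argument is safer than using a shortened one, e.g. `if (strlcpy(cell, argv[i], sizeof(cell)) >= sizeof(cell)) usage();`. The same applies to the `path` and `realm` copies in the later hunks and to the `strlcpy`/`strlcat` pair that builds `xlog_path`, where a truncated result would make the following `stat`/`fopen` look at a different name than the intended `.xlog` file. main() starts and ends outside these hunks.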
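Review bot: The bound in `strlcpy(cell, argv[i], sizeof(path));` is the size of `path`, not of the destination `cell`. The array declarations are outside the hunk; if `cell` is smaller than `path`, this copy can still write past the end of `cell`, leaving the positional-argument branch unprotected even though the `-c` branch in the first hunk uses the right size. The line should read `strlcpy(cell, argv[i], sizeof(cell));`.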
@@ -1662,8 +1662,8 @@ main(int argc, char *argv[])
 FILE *f;
 char fcell[100], xlog_path[512];
- strcpy(xlog_path, pwd->pw_dir);
- strcat(xlog_path, "/.xlog");
+ strlcpy(xlog_path, pwd->pw_dir, sizeof(xlog_path));
+ strlcat(xlog_path, "/.xlog", sizeof(xlog_path));
 if ((stat(xlog_path, &sbuf) == 0) && ((f = fopen(xlog_path, "r")) != NULL)) {
-- 
1.9.4