From 110b2b674f0e2fda46d01a0b038c49bcc410cca4 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Sat, 2 Mar 2013 12:09:42 +0000
Subject: [PATCH] aklog: Avoid overflows in get_afs_mountpoint

When working with the fixed length cellname buffer, use
strlcat and strlcpy rather than strcat and strcpy.

Caught by coverity (#985763)

Reviewed-on: http://gerrit.openafs.org/9445
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 19d2683d711f95165adc16fac765bb4a31c99043)

Change-Id: I91c169380600496a8b5148fffcb1a21feb1eee29
Reviewed-on: http://gerrit.openafs.org/11059
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/aklog/aklog.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index b6d2a5c5a3..283b22067e 100644
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -1125,8 +1125,7 @@ get_afs_mountpoint(char *file, char *mountpoint, int size)
     struct ViceIoctl vio;
     char cellname[BUFSIZ];
 
-    memset(our_file, 0, sizeof(our_file));
-    strcpy(our_file, file);
+    strlcpy(our_file, file, sizeof(our_file));
 
     if ((last_component = strrchr(our_file, DIR))) {
 	*last_component++ = 0;
@@ -1152,8 +1151,8 @@ get_afs_mountpoint(char *file, char *mountpoint, int size)
 	    vio.out = cellname;
 
 	    if (!pioctl(file, VIOC_FILE_CELL_NAME, &vio, 1)) {
-		strcat(cellname, VOLMARKERSTRING);
-		strcat(cellname, mountpoint + 1);
+		strlcat(cellname, VOLMARKERSTRING, sizeof(cellname));
+		strlcat(cellname, mountpoint + 1, sizeof(cellname));
 		memset(mountpoint + 1, 0, size - 1);
 		strcpy(mountpoint + 1, cellname);
 	    }