Prevent sscanf format widths from overrunning array

cppcheck noted these instances of sscanf could wipe out the ending null terminator. Length is now macro expanded rather than hard coded and the array itself is one unit longer to avoid the overrun. Change-Id: Ic76e1b74701d7fb7b722ba1f8eae3a4d16e91f65 Reviewed-on: https://gerrit.openafs.org/13136 Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
2025-01-31 13:38:01 +00:00 · 2022-06-07 12:19:44 -06:00 · 2022-06-07 12:19:44 -06:00 · 1162fcdba6
commit 1162fcdba6
parent 7f54bbe156
3 changed files with 11 additions and 8 deletions
--- a/src/kauth/kkids.c
+++ b/src/kauth/kkids.c
@ -15,6 +15,7 @@
 #include <afsconfig.h>
 #include <afs/param.h>
 #include <afs/stds.h>
+#include <afs/opr.h>

 #include <roken.h>

@ -228,7 +229,7 @@ static struct Acl *
 ParseAcl(char *astr)
 {
    int nplus, nminus, i, trights;
-    char tname[MAXNAME];
+    char tname[MAXNAME + 1] = "";
    struct AclEntry *first, *last, *tl;
    struct Acl *ta;
    sscanf(astr, "%d", &nplus);
@ -242,7 +243,7 @@ ParseAcl(char *astr)
    last = 0;
    first = 0;
    for (i = 0; i < nplus; i++) {
-	sscanf(astr, "%100s %d", tname, &trights);
+	sscanf(astr, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	SkipLine(astr);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)
--- a/src/sys/rmtsysnet.c
+++ b/src/sys/rmtsysnet.c
@ -9,6 +9,7 @@

 #include <afsconfig.h>
 #include <afs/param.h>
+#include <afs/opr.h>

 #include <roken.h>

@ -65,7 +66,7 @@ struct Acl *
 RParseAcl(char *astr)
 {
    int nplus, nminus, i, trights;
-    char tname[MAXNAME];
+    char tname[MAXNAME + 1] = "";
    struct AclEntry *first, *last, *tl;
    struct Acl *ta;
    sscanf(astr, "%d", &nplus);
@ -80,7 +81,7 @@ RParseAcl(char *astr)
    last = 0;
    first = 0;
    for (i = 0; i < nplus; i++) {
-	sscanf(astr, "%100s %d", tname, &trights);
+	sscanf(astr, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	astr = RSkipLine(astr);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)
@ -97,7 +98,7 @@ RParseAcl(char *astr)
    last = 0;
    first = 0;
    for (i = 0; i < nminus; i++) {
-	sscanf(astr, "%100s %d", tname, &trights);
+	sscanf(astr, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	astr = RSkipLine(astr);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)
--- a/src/uss/uss_acl.c
+++ b/src/uss/uss_acl.c
@ -17,6 +17,7 @@
 */
 #include <afsconfig.h>
 #include <afs/param.h>
+#include <afs/opr.h>

 #include <roken.h>

@ -404,7 +405,7 @@ ParseAcl(char *a_str)
 {				/*ParseAcl */

    int nplus, nminus, i, trights;
-    char tname[MAXNAME];
+    char tname[MAXNAME + 1] = "";
    struct AclEntry *first, *last, *tl;
    struct Acl *ta;

@ -430,7 +431,7 @@ ParseAcl(char *a_str)
    last = 0;
    first = 0;
    for (i = 0; i < nplus; i++) {
-	sscanf(a_str, "%100s %d", tname, &trights);
+	sscanf(a_str, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	a_str = SkipLine(a_str);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)
@ -450,7 +451,7 @@ ParseAcl(char *a_str)
    last = 0;
    first = 0;
    for (i = 0; i < nminus; i++) {
-	sscanf(a_str, "%100s %d", tname, &trights);
+	sscanf(a_str, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	a_str = SkipLine(a_str);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)