From 1162fcdba6c5234f4ac36e17f29e01ae04950004 Mon Sep 17 00:00:00 2001
From: Cheyenne Wills <cwills@sinenomine.net>
Date: Tue, 7 Jun 2022 12:19:44 -0600
Subject: [PATCH] Prevent sscanf format widths from overrunning array

cppcheck noted these instances of sscanf could wipe out the ending null
terminator.  Length is now macro expanded rather than hard coded and the
array itself is one unit longer to avoid the overrun.

Change-Id: Ic76e1b74701d7fb7b722ba1f8eae3a4d16e91f65
Reviewed-on: https://gerrit.openafs.org/13136
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
---
 src/kauth/kkids.c   | 5 +++--
 src/sys/rmtsysnet.c | 7 ++++---
 src/uss/uss_acl.c   | 7 ++++---
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/kauth/kkids.c b/src/kauth/kkids.c
index 979e54416a..d5437f152f 100644
--- a/src/kauth/kkids.c
+++ b/src/kauth/kkids.c
@@ -15,6 +15,7 @@
 #include <afsconfig.h>
 #include <afs/param.h>
 #include <afs/stds.h>
+#include <afs/opr.h>
 
 #include <roken.h>
 
@@ -228,7 +229,7 @@ static struct Acl *
 ParseAcl(char *astr)
 {
     int nplus, nminus, i, trights;
-    char tname[MAXNAME];
+    char tname[MAXNAME + 1] = "";
     struct AclEntry *first, *last, *tl;
     struct Acl *ta;
     sscanf(astr, "%d", &nplus);
@@ -242,7 +243,7 @@ ParseAcl(char *astr)
     last = 0;
     first = 0;
     for (i = 0; i < nplus; i++) {
-	sscanf(astr, "%100s %d", tname, &trights);
+	sscanf(astr, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	SkipLine(astr);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)
diff --git a/src/sys/rmtsysnet.c b/src/sys/rmtsysnet.c
index 296145eeb4..da6b3e64e4 100644
--- a/src/sys/rmtsysnet.c
+++ b/src/sys/rmtsysnet.c
@@ -9,6 +9,7 @@
 
 #include <afsconfig.h>
 #include <afs/param.h>
+#include <afs/opr.h>
 
 #include <roken.h>
 
@@ -65,7 +66,7 @@ struct Acl *
 RParseAcl(char *astr)
 {
     int nplus, nminus, i, trights;
-    char tname[MAXNAME];
+    char tname[MAXNAME + 1] = "";
     struct AclEntry *first, *last, *tl;
     struct Acl *ta;
     sscanf(astr, "%d", &nplus);
@@ -80,7 +81,7 @@ RParseAcl(char *astr)
     last = 0;
     first = 0;
     for (i = 0; i < nplus; i++) {
-	sscanf(astr, "%100s %d", tname, &trights);
+	sscanf(astr, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	astr = RSkipLine(astr);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)
@@ -97,7 +98,7 @@ RParseAcl(char *astr)
     last = 0;
     first = 0;
     for (i = 0; i < nminus; i++) {
-	sscanf(astr, "%100s %d", tname, &trights);
+	sscanf(astr, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	astr = RSkipLine(astr);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)
diff --git a/src/uss/uss_acl.c b/src/uss/uss_acl.c
index ee945e82ba..003eff8b93 100644
--- a/src/uss/uss_acl.c
+++ b/src/uss/uss_acl.c
@@ -17,6 +17,7 @@
  */
 #include <afsconfig.h>
 #include <afs/param.h>
+#include <afs/opr.h>
 
 #include <roken.h>
 
@@ -404,7 +405,7 @@ ParseAcl(char *a_str)
 {				/*ParseAcl */
 
     int nplus, nminus, i, trights;
-    char tname[MAXNAME];
+    char tname[MAXNAME + 1] = "";
     struct AclEntry *first, *last, *tl;
     struct Acl *ta;
 
@@ -430,7 +431,7 @@ ParseAcl(char *a_str)
     last = 0;
     first = 0;
     for (i = 0; i < nplus; i++) {
-	sscanf(a_str, "%100s %d", tname, &trights);
+	sscanf(a_str, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	a_str = SkipLine(a_str);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)
@@ -450,7 +451,7 @@ ParseAcl(char *a_str)
     last = 0;
     first = 0;
     for (i = 0; i < nminus; i++) {
-	sscanf(a_str, "%100s %d", tname, &trights);
+	sscanf(a_str, "%" opr_stringize(MAXNAME) "s %d", tname, &trights);
 	a_str = SkipLine(a_str);
 	tl = malloc(sizeof(struct AclEntry));
 	if (!first)