From 286f9e47d97c55bd8724a65350cf162478eea87c Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Sat, 2 Mar 2013 09:26:05 +0000
Subject: [PATCH] auth: Don't overflow cell string

If the kernel gives us bogus data back from the VIOCGETTOK pioctl,
we might overflow the cell string when copying in to it. Use
strlcpy to avoid this (unlikely) occurrence.

Caught by coverity (#985768, #985769)

Reviewed-on: http://gerrit.openafs.org/9349
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 362728d2d6d53011603dc39f691707db20866434)

Change-Id: I839c330a232525ddccc7957ead785c7ed9beec88
Reviewed-on: http://gerrit.openafs.org/11036
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---
 src/auth/ktc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/auth/ktc.c b/src/auth/ktc.c
index 832ddd67a0..ee89982cd0 100644
--- a/src/auth/ktc.c
+++ b/src/auth/ktc.c
@@ -542,7 +542,7 @@ ktc_GetToken(struct ktc_principal *aserver, struct ktc_token *atoken,
 		atoken->ticketLen = tktLen;
 
 		if (aclient) {
-		    strcpy(aclient->cell, cellp);
+		    strlcpy(aclient->cell, cellp, sizeof(aclient->cell));
 		    aclient->instance[0] = 0;
 
 		    if ((atoken->kvno == 999) ||	/* old style bcrypt ticket */
@@ -726,7 +726,7 @@ ktc_ListTokens(int aprevIndex,
     tp += temp;			/* skip clear token itself */
     tp += sizeof(afs_int32);	/* skip primary flag */
     /* tp now points to the cell name */
-    strcpy(aserver->cell, tp);
+    strlcpy(aserver->cell, tp, sizeof(aserver->cell));
     aserver->instance[0] = 0;
     strcpy(aserver->name, "afs");
 #endif /* NO_AFS_CLIENT */