bos: Don't overflow cellname buffer

Don't overflow the fixed sized cellname buffer when copying the
information in from the command line - instead, just use a
dynamically allocated buffer.

Caught by coverity (#985775)

Change-Id: If87b1ba9bcb990d3145a89627e212144cd78f5a0
Reviewed-on: http://gerrit.openafs.org/9549
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

src/bozo/bos.c

@@ -788,8 +788,6 @@ AddKey(struct cmd_syndesc *as, void *arock)
     afs_int32 code;
     struct ktc_encryptionKey tkey;
     afs_int32 temp;
-    char *tcell;
-    char cellBuffer[256];
     char buf[BUFSIZ], ver[BUFSIZ];
 
     tconn = GetConn(as, 1);
@@ -824,22 +822,29 @@ AddKey(struct cmd_syndesc *as, void *arock)
 */
 	strcpy((char *)&tkey, buf);
     } else {			/* kerberos key */
+	char *tcell;
 	if (as->parms[ADDPARMOFFSET].items) {
-	    strcpy(cellBuffer, as->parms[ADDPARMOFFSET].items->data);
+	    tcell = strdup(as->parms[ADDPARMOFFSET].items->data);
+	    if (tcell == NULL) {
+		fprintf(stderr, "bos: Unable to allocate memory for cellname\n");
+		exit(1);
+	    }
 
 	    /* string to key needs upper-case cell names */
 
 	    /* I don't believe this is true.  The string to key function
 	     * actually expands the cell name, then LOWER-CASES it.  Perhaps it
 	     * didn't use to??? */
-	    ucstring(cellBuffer, cellBuffer, strlen(cellBuffer));
+	    ucstring(tcell, tcell, strlen(tcell));
-	    tcell = cellBuffer;
 	} else
 	    tcell = NULL;	/* no cell specified, use current */
 /*
 	ka_StringToKey(as->parms[1].items->data, tcell, &tkey);
 */
 	ka_StringToKey(buf, tcell, &tkey);
+
+	if (tcell)
+	    free(tcell);
     }
     code = BOZO_AddKey(tconn, temp, ktc_to_bozoptr(&tkey));
     if (code) {