jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-19 07:20:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bos: Don't overflow buffer with key data

Browse Source 
When parsing key data from the command line, don't overflow the
buffer used to hold it - instead just give an error if the data
is too long.

Caught by coverity (#985775)

Change-Id: I44fb62d30c5022e650475b3ca51a28bcb7cf1e06
Reviewed-on: http://gerrit.openafs.org/9550
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
This commit is contained in:
Simon Wilkinson 2013-03-08 13:02:26 +00:00 committed by Derrick Brashear
parent 45993e3ad5
commit 4e9c6eb9d5
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/bozo/bos.c
View File

@ -793,9 +793,12 @@ AddKey(struct cmd_syndesc *as, void *arock)
tconn = GetConn(as, 1);
memset(&tkey, 0, sizeof(struct ktc_encryptionKey));
if (as->parms[1].items)
strcpy(buf, as->parms[1].items->data);
else {
if (as->parms[1].items) {
if (strlcpy(buf, as->parms[1].items->data, sizeof(buf)) >= sizeof(buf)) {
fprintf(stderr, "Key data too long for buffer\n");
exit(1);
}
} else {
/* prompt for key */
code = UI_UTIL_read_pw_string(buf, sizeof(buf), "input key: ", 0);
if (code || strlen(buf) == 0) {