upserver: Don't overflow file and hostname buffers

If the user specifies a ridiculously long command line, don't overflow the filename or hostname buffers with what they supply. Caught by coverity (#985911) Reviewed-on: http://gerrit.openafs.org/9546 Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com> (cherry picked from commit d672d5ee78) Change-Id: Id86f5488bfb3bbf5794af43e9f8fe84a2fe796c3 Reviewed-on: http://gerrit.openafs.org/11064 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
2025-01-18 15:00:12 +00:00 · 2013-03-04 16:22:08 +00:00 · 2013-03-04 16:22:08 +00:00 · 7597fdda3f
commit 7597fdda3f
parent fd403e3f2a
1 changed files with 12 additions and 4 deletions
--- a/src/update/client.c
+++ b/src/update/client.c
@ -193,10 +193,18 @@ main(int argc, char **argv)
 		    ("Usage: upclient <hostname> [-crypt] [-clear] [-t <retry time>] [-verbose]* <dir>+ [-help]\n");
 		exit(1);
 	    }
-	} else if (strlen(hostname) == 0)
-	    strcpy(hostname, argv[a]);
-	else {
-	    strcpy(filename, argv[a]);
+	} else if (strlen(hostname) == 0) {
+	    if (strlcpy(hostname, argv[a], sizeof(hostname))
+		    >= sizeof(hostname)) {
+		fprintf(stderr, "Supplied hostname is too long\n");
+		exit(1);
+	    }
+	} else {
+	    if (strlcpy(filename, argv[a], sizeof(filename))
+		    >= sizeof(filename)) {
+		fprintf(stderr, "Supplied filename is too long\n");
+		exit(1);
+	    }
 	    FilepathNormalize(filename);
 	    AddToList(&dirname, filename);
 	}