auth: Catch long cells in backwards compat code

ktc_SetTokenEx can fall back to calling the SetToken pioctl when the kernel module doesn't support the newer call. When we do this, we have to transform the token structure into the older format. Catch tokens whose cells are too long to be represented in the older format, and bail with KTC_INVAL, rather than overflowing the array. Caught by coverity (#985770) Change-Id: Ibaa1cc92c494cc6f4e56ebe7b16109d4558db131 Reviewed-on: http://gerrit.openafs.org/9449 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
2025-01-18 23:10:58 +00:00 · 2013-03-02 12:55:18 +00:00 · 2013-03-02 12:55:18 +00:00 · 8c664a8c0f
commit 8c664a8c0f
parent b0b3def56c
1 changed files with 5 additions and 1 deletions
--- a/src/auth/ktc.c
+++ b/src/auth/ktc.c
@ -356,7 +356,11 @@ ktc_SetTokenEx(struct ktc_setTokenData *token) {

 	memset(&server, 0, sizeof(server));
 	strcpy(server.name, "afs");
-	strcpy(server.cell, token->cell);
+	if (strlcpy(server.cell, token->cell, sizeof(server.cell))
+		>= sizeof(server.cell)) {
+	    free(rxkadToken);
+	    return KTC_INVAL;
+	}
 	code = ktc_SetToken(&server, rxkadToken, &client, flags);
 	free(rxkadToken);
 	return code;