cmd: Use strl* rather than strn* to avoid overrun

The NName function was using strncat(a, b, sizeof(a)), which doesn't work as you would expect if 'a' already contains data. To avoid the potential buffer overflow, switch to just using strlcat. Caught by clang-analyzer Change-Id: Idd2c630c07a93b27e8d629339589aa6686290eae Reviewed-on: http://gerrit.openafs.org/7092 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Derrick Brashear <shadow@dementix.org>
2025-01-21 00:10:15 +00:00 · 2012-03-31 06:58:01 -04:00 · 2012-03-31 06:58:01 -04:00 · 9a007a9df4
commit 9a007a9df4
parent b5ebfec329
1 changed files with 2 additions and 3 deletions
--- a/src/cmd/cmd.c
+++ b/src/cmd/cmd.c
@ -42,9 +42,8 @@ NName(char *a1, char *a2)
    if (strlen(a1) == 0) {
        return "";
    } else {
-        strncpy(tbuffer, a1, sizeof(tbuffer));
-        strncat(tbuffer, a2, sizeof(tbuffer));
-        tbuffer[sizeof(tbuffer)-1]='\0';
+        strlcpy(tbuffer, a1, sizeof(tbuffer));
+        strlcat(tbuffer, a2, sizeof(tbuffer));
        return tbuffer;
    }
 }