audit: Fix overflow in file backend

If the filename passed to open_file was larger than MAXPATHLEN-5,
then we'd overflow the oldName buffer when creating the backup
filename. Fix the overflow by using a malloc'd buffer instead.

Caught by coverity (#985767)

Change-Id: Ie364aae0749b3658ab11a354844878d10c6970ab
Reviewed-on: http://gerrit.openafs.org/9448
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Simon Wilkinson 2013-03-02 12:38:49 +00:00 committed by Derrick Brashear
parent 249a593460
commit b0b3def56c


@ -39,7 +39,7 @@ static int
open_file(const char *fileName)
{
int tempfd, flags;
char oldName[MAXPATHLEN];
char *oldName;
#ifndef AFS_NT40_ENV
struct stat statbuf;
@ -50,10 +50,14 @@ open_file(const char *fileName)
} else
#endif
{
strcpy(oldName, fileName);
strcat(oldName, ".old");
asprintf(&oldName, "%s.old", fileName);
if (oldName == NULL) {
printf("Warning: Unable to create backup filename. Auditing ignored\n");
return 1;
}
rk_rename(fileName, oldName);
flags = O_WRONLY | O_TRUNC | O_CREAT;
free(oldName);
}
tempfd = open(fileName, flags, 0666);
if (tempfd > -1) {
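Review bot: The return value of `asprintf` is discarded and failure is detected only through `oldName == NULL`, but `oldName` is declared uninitialized and the glibc documentation leaves the pointer's contents undefined when `asprintf` fails. On such a platform the NULL test may not fire, and an indeterminate pointer would then reach `rk_rename` and `free`. Test the return value instead, `if (asprintf(&oldName, "%s.old", fileName) < 0) {`; if the tree's compatibility layer guarantees NULL on failure, a short comment saying so would make the existing check defensible. The failure path also reports that auditing is disabled only through `printf`, so an operator may not notice that the audit log is off. open_file's body continues past the end of the hunk.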