From cc95fca8e16f83d7dda3f09a5133dc9294299d61 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Sat, 2 Mar 2013 13:01:14 +0000 Subject: [PATCH] auth: Don't overflow buffer in CompFindUser The fullname buffer in CompFindUser is theoretically big enough to take the data usually supplied to it. However, play it safe by using strlcat and strlcpy to catch buffer overflows. Caught by coverity (#985771) Change-Id: Icc80d012b61ae90e1a62a814f7a6d552bb264294 Reviewed-on: http://gerrit.openafs.org/9543 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Derrick Brashear --- src/auth/userok.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/auth/userok.c b/src/auth/userok.c index eb98b32363..f66acf1df2 100644 --- a/src/auth/userok.c +++ b/src/auth/userok.c @@ -553,7 +553,9 @@ CompFindUser(struct afsconf_dir *adir, char *name, char *sep, char *inst, if (!name || !name[0]) { return 0; } - strcpy(fullname, name); + + if (strlcpy(fullname, name, sizeof(fullname)) >= sizeof(fullname)) + return 0; /* might have instance */ if (inst && inst[0]) { @@ -561,14 +563,20 @@ CompFindUser(struct afsconf_dir *adir, char *name, char *sep, char *inst, return 0; } - strcat(fullname, sep); - strcat(fullname, inst); + if (strlcat(fullname, sep, sizeof(fullname)) >= sizeof(fullname)) + return 0; + + if (strlcat(fullname, inst, sizeof(fullname)) >= sizeof(fullname)) + return 0; } /* might have realm */ if (realm && realm[0]) { - strcat(fullname, "@"); - strcat(fullname, realm); + if (strlcat(fullname, "@", sizeof(fullname)) >= sizeof(fullname)) + return 0; + + if (strlcat(fullname, realm, sizeof(fullname)) >= sizeof(fullname)) + return 0; } testId = rx_identity_new(RX_ID_KRB4, fullname, fullname, strlen(fullname));