From da3dc59ce087ff2128a96f4dbf171e7ec38af218 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Sat, 2 Mar 2013 10:15:10 +0000 Subject: [PATCH] rmtsys: Don't overflow pathname buffer When we're constructing a homedirectory path to look for the .AFSSERVER file in, we copy the HOME environment variable into a static buffer, with a risk of overflowing that buffer. Instead of using a static buffer, just allocate one with asprintf. Caught by coverity (#985910) Reviewed-on: http://gerrit.openafs.org/9392 Tested-by: BuildBot Reviewed-by: Derrick Brashear Reviewed-by: Jeffrey Altman (cherry picked from commit f322b0ff1ec44d713c23d567f4d304e3dc65e702) Change-Id: I588fecf4caee64915fc2e7730f68f051d6faa92a Reviewed-on: http://gerrit.openafs.org/11043 Reviewed-by: Andrew Deason Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Stephan Wiesand
---
 src/sys/rmtsysc.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/sys/rmtsysc.c b/src/sys/rmtsysc.c
index bac6f7ea59..6901febb07 100644
--- a/src/sys/rmtsysc.c
+++ b/src/sys/rmtsysc.c
@@ -38,6 +38,7 @@
 #include
 #endif
 #include
+#include
 #include "rmtsys.h"
 #include "sys_prototypes.h"
@@ -84,10 +85,14 @@ GetAfsServerAddr(char *syscall)
 fgets(server_name, 128, fp);
 fclose(fp);
 } else {
- char pathname[256];
+ char *pathname;
 
- sprintf(pathname, "%s/%s", home_dir, ".AFSSERVER");
+ afs_asprintf(&pathname, "%s/%s", home_dir, ".AFSSERVER");
+ if (pathname == NULL)
+ return 0;
 fp = fopen(pathname, "r");
+ free(pathname);
+
 if (fp == 0) {
 /* Our last chance is the "/.AFSSERVER" file */
 fp = fopen("/.AFSSERVER", "r");
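Review bot: The failure check after `afs_asprintf` in the second hunk tests `pathname == NULL`, but `pathname` is declared without an initializer, so the test only works if afs_asprintf is guaranteed to store NULL through its first argument on failure. That guarantee is not visible here, and with the GNU asprintf this helper is presumably modelled on, the pointer's contents are undefined after a failed call. I would declare `char *pathname = NULL;` and also test the call's result, `if (afs_asprintf(&pathname, "%s/%s", home_dir, ".AFSSERVER") < 0 || pathname == NULL) return 0;`, assuming it returns a negative value on failure as asprintf does. The early `return 0` also skips the `/.AFSSERVER` fallback that a failed fopen still reaches, which deserves a one-line comment if intended. GetAfsServerAddr starts and ends outside the hunk.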