vlserver: Use bounded string copy in FindByName()

Although the volname string passed to FindByName() is currently always
limited 65 characters (including the terminating nul), to be on the safe
side, use the bounded strlcpy() function when coping the volname to the
temporary tname local variable to avoid the possibility of overwriting
the stack with an unbounded strcpy().

Reviewed-on: https://gerrit.openafs.org/14763
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 494ec08cd04da6f96be02c7dc22d9bb0c409d63b)

Change-Id: I87b225de7d4ce81a4017f47f2d5088ebffd7c66a
Reviewed-on: https://gerrit.openafs.org/15538
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

src/vlserver/vlutils.c

@@ -696,15 +696,25 @@ FindByName(struct vl_ctx *ctx, char *volname, struct nvlentry *tentry,
     hashindex = strlen(volname);	/* really string length */
     if (hashindex >= 8 && strcmp(volname + hashindex - 7, ".backup") == 0) {
 	/* this is a backup volume */
-	strcpy(tname, volname);
+	if (strlcpy(tname, volname, sizeof(tname)) >= sizeof(tname)) {
+	    *error = VL_BADNAME;
+	    return 0;
+	}
 	tname[hashindex - 7] = 0;	/* zap extension */
     } else if (hashindex >= 10
 	       && strcmp(volname + hashindex - 9, ".readonly") == 0) {
 	/* this is a readonly volume */
-	strcpy(tname, volname);
+	if (strlcpy(tname, volname, sizeof(tname)) >= sizeof(tname)) {
+	    *error = VL_BADNAME;
+	    return 0;
+	}
 	tname[hashindex - 9] = 0;	/* zap extension */
-    } else
-	strcpy(tname, volname);
+    } else {
+	if (strlcpy(tname, volname, sizeof(tname)) >= sizeof(tname)) {
+	    *error = VL_BADNAME;
+	    return 0;
+	}
+    }
 
     *error = 0;
     hashindex = NameHash(tname);