From f322b0ff1ec44d713c23d567f4d304e3dc65e702 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Sat, 2 Mar 2013 10:15:10 +0000
Subject: [PATCH] rmtsys: Don't overflow pathname buffer

When we're constructing a homedirectory path to look for the
.AFSSERVER file in, we copy the HOME environment variable into a
static buffer, with a risk of overflowing that buffer.

Instead of using a static buffer, just allocate one with asprintf.

Caught by coverity (#985910)

Change-Id: I2daa5613609f2c09712b12a7ce7e59b1c0028ef2
Reviewed-on: http://gerrit.openafs.org/9392
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 src/sys/rmtsysc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/sys/rmtsysc.c b/src/sys/rmtsysc.c
index 29c899627e..2b16e22274 100644
--- a/src/sys/rmtsysc.c
+++ b/src/sys/rmtsysc.c
@@ -68,10 +68,14 @@ GetAfsServerAddr(char *syscall)
 	    fgets(server_name, 128, fp);
 	    fclose(fp);
 	} else {
-	    char pathname[256];
+	    char *pathname;
 
-	    sprintf(pathname, "%s/%s", home_dir, ".AFSSERVER");
+	    asprintf(&pathname, "%s/%s", home_dir, ".AFSSERVER");
+	    if (pathname == NULL)
+		return 0;
 	    fp = fopen(pathname, "r");
+	    free(pathname);
+
 	    if (fp == 0) {
 		/* Our last chance is the "/.AFSSERVER" file */
 		fp = fopen("/.AFSSERVER", "r");