OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_6-20-g473322a

Gerrit Code Review gerrit@openafs.org
Wed, 12 Feb 2014 06:26:38 -0800 (PST)


The following commit has been merged in the openafs-stable-1_6_x branch:
commit 473322a453bbc409d54ab21e1d9637eaf15f085a
Author: Benjamin Kaduk <kaduk@mit.edu>
Date:   Wed Jan 22 06:00:00 2014 +0100

    cmd: Avoid unsafe use of strncat
    
    The NName function was using strncat(a, b, sizeof(a)), which doesn't
    work as you would expect if 'a' already contains data, giving a potential
    buffer overflow.
    
    This was fixed on master in commit 9a007a9df43645b63a8b642029b4931928f9268b
    by using strlcat from libroken, but we do not use libroken on the 1.6
    branch. Instead, modify the strncat invocation to use a safer maximum
    length to copy.
    
    This is a 1.6-specific change.
    
    Change-Id: Ifa41e603a1c98682550afadd063def4b9706d9e2
    Reviewed-on: http://gerrit.openafs.org/10731
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: D Brashear <shadow@your-file-system.com>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
    Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

 src/cmd/cmd.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

-- 
OpenAFS Master Repository