OpenAFS Master Repository branch, openafs-stable-1_6_x, updated. openafs-stable-1_6_6-20-g473322a
Gerrit Code Review
gerrit@openafs.org
Wed, 12 Feb 2014 06:26:38 -0800 (PST)
The following commit has been merged in the openafs-stable-1_6_x branch:
commit 473322a453bbc409d54ab21e1d9637eaf15f085a
Author: Benjamin Kaduk <kaduk@mit.edu>
Date: Wed Jan 22 06:00:00 2014 +0100
cmd: Avoid unsafe use of strncat
The NName function was using strncat(a, b, sizeof(a)), which doesn't
work as you would expect if 'a' already contains data, giving a potential
buffer overflow.
This was fixed on master in commit 9a007a9df43645b63a8b642029b4931928f9268b
by using strlcat from libroken, but we do not use libroken on the 1.6
branch. Instead, modify the strncat invocation to use a safer maximum
length to copy.
This is a 1.6-specific change.
Change-Id: Ifa41e603a1c98682550afadd063def4b9706d9e2
Reviewed-on: http://gerrit.openafs.org/10731
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/cmd/cmd.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
--
OpenAFS Master Repository