[OpenAFS-devel] possible source of buffer overflows...

Neulinger, Nathan nneul@umr.edu
Thu, 10 May 2001 15:56:22 -0500


I'm not sure there is any possibility that they might exist, but it seems
like something that should be fixed.

The "strcompose" routine, used at least in auth/userok.c, does not take a
maximum size, just a buffer to write into. If this were ever used with user
input anywhere in the code, it could overflow the buffer. I'd say all uses
of 'strcompose' should probably be updated with a maximum buffer size and
the routine adjusted to check size.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216
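
A size-checked composer of the kind the message asks for, as an added example that is not part of the original post and is not OpenAFS code. It assumes the routine concatenates a NULL-terminated list of string arguments; the name `bounded_compose`, its signature and the sample strings are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded composer (not the OpenAFS routine): concatenates a
 * NULL-terminated list of C strings into buf, which holds len bytes.
 * Returns buf on success, or NULL if the result plus its terminating NUL
 * would not fit. On failure buf is left as an empty string, so a caller
 * that ignores the return value never sees a silently truncated name.
 * Callers must end the list with (char *)NULL. */
char *bounded_compose(char *buf, size_t len, ...)
{
    va_list ap;
    size_t used = 0;          /* bytes written so far, always < len */
    const char *part;

    if (buf == NULL || len == 0)
        return NULL;
    buf[0] = '\0';

    va_start(ap, len);
    while ((part = va_arg(ap, const char *)) != NULL) {
        size_t n = strlen(part);
        /* Compare against the space left; avoids overflow of used + n. */
        if (n >= len - used) {
            va_end(ap);
            buf[0] = '\0';
            return NULL;
        }
        memcpy(buf + used, part, n);
        used += n;
        buf[used] = '\0';
    }
    va_end(ap);
    return buf;
}

int main(void)
{
    char path[32];            /* constructed sample inputs below */
    if (bounded_compose(path, sizeof path, "/constructed/dir", "/", "file",
                        (char *)NULL) != NULL)
        printf("composed: %s\n", path);
    if (bounded_compose(path, 8, "too-long-", "for-8-bytes", (char *)NULL) == NULL)
        printf("rejected: result would exceed the buffer\n");
    return 0;
}
```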