The following commit has been merged in the openafs-stable-1_6_x branch:
commit 13515489cbfd138d221d54bdedc4bf44ff24778e
Author: Simon Wilkinson <[email protected]>
Date:   Tue Feb 26 22:27:25 2013 +0000

    auth: Fix buffer overflow in afsconf_Open
    
    If we fall back to the .AFSCONF file in the user's home directory,
    the results of getenv("HOME") are copied into a fixed length string,
    without checking for overflows.
    
    Instead of risking this, just use asprintf to dynamically construct
    a string, and free it when we are done.
    
    Caught by coverity (#985905)
    
    Reviewed-on: http://gerrit.openafs.org/9292
    Tested-by: BuildBot <[email protected]>
    Reviewed-by: Derrick Brashear <[email protected]>
    Reviewed-by: Jeffrey Altman <[email protected]>
    (cherry picked from commit 41d9ea697bf5e81e5003ad7b208788223c25536b)
    
    Change-Id: I5b8664328dd0d397cbe459ff1e7667e63afc31e2
    Reviewed-on: http://gerrit.openafs.org/11019
    Tested-by: BuildBot <[email protected]>
    Reviewed-by: Chas Williams - CONTRACTOR <[email protected]>
    Reviewed-by: Andrew Deason <[email protected]>
    Reviewed-by: Benjamin Kaduk <[email protected]>
    Reviewed-by: Stephan Wiesand <[email protected]>

 src/auth/cellconfig.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

-- 
OpenAFS Master Repository
_______________________________________________
OpenAFS-cvs mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-cvs
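
The pattern the commit message describes, as an added C example that is not OpenAFS code and not part of the original mail: a path built from `$HOME` with `asprintf` and freed by the caller, next to a check showing when a fixed-length buffer would have been too small. The names `conf_path_from_home` and `fixed_buffer_fits` and the 256-byte `FIXED_LEN` are assumptions for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* asprintf is a GNU/BSD extension */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Repeated in case <stdio.h> was already included without the macro. */
int asprintf(char **strp, const char *fmt, ...);

#define CONF_NAME ".AFSCONF"     /* file name from the commit message */
#define FIXED_LEN 256            /* assumed size of a fixed path buffer */

/* Would "home/CONF_NAME" plus its NUL fit in a FIXED_LEN array? An
 * unchecked strcpy/strcat into such an array overflows when this is 0. */
int fixed_buffer_fits(const char *home)
{
    return strlen(home) + 1 + strlen(CONF_NAME) + 1 <= FIXED_LEN;
}

/* Dynamic form: asprintf sizes the allocation itself. Caller frees. */
char *conf_path_from_home(const char *home)
{
    char *path = NULL;

    if (home == NULL || *home == '\0')
        return NULL;
    if (asprintf(&path, "%s/%s", home, CONF_NAME) < 0)
        return NULL;             /* path is undefined on failure */
    return path;
}

int main(void)
{
    char longhome[4096];         /* constructed over-long HOME value */
    memset(longhome, 'A', sizeof longhome - 1);
    longhome[0] = '/';
    longhome[sizeof longhome - 1] = '\0';

    const char *samples[] = { "/home/alice", longhome, getenv("HOME") };
    for (size_t i = 0; i < 3; i++) {
        char *p = conf_path_from_home(samples[i]);
        if (p == NULL)
            continue;            /* unset or empty HOME: nothing to open */
        printf("len=%zu fits_fixed=%d\n", strlen(p), fixed_buffer_fits(samples[i]));
        free(p);
    }
    return 0;
}
```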
