negotiate_kerberos_auth: better bounds checking

* sysconf() may return -N values on some platforms or values larger than
  the hard-coded 1024 buffer size for hostname. Use sizeof() instead
  since the buffer is hardcoded anyway.

* also, use return instead of exit() on the test binary to reduce
  warnings from static analysis compilers.

 Detected by Coverity Scan. Issues 740392, 740484

diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
index 5389f62a52c59ec8a1e29a577569665874c11d30..d7b35a8b5e4f063207da6f2a24615388f759d27a 100644 (file)
--- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
+++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
@@ -120,7 +120,7 @@ gethost_name(void)
     struct addrinfo *hres = NULL, *hres_list;
     int rc, count;
 
-    rc = gethostname(hostname, sysconf(_SC_HOST_NAME_MAX));
+    rc = gethostname(hostname, sizeof(hostname)-1);
     if (rc) {
         fprintf(stderr, "%s| %s: ERROR: resolving hostname '%s' failed\n",
                 LogTime(), PROGRAM, hostname);
@@ -149,7 +149,7 @@ gethost_name(void)
         return NULL;
     }
     freeaddrinfo(hres);
-    hostname[sysconf(_SC_HOST_NAME_MAX) - 1] = '\0';
+    hostname[sizeof(hostname)-1] = '\0';
     return (xstrdup(hostname));
 }
 

diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
index 898a38e6ed17230706f49caa5e690ce5ae0c1d95..0299f5345630d75d67719fea2581bae125d9748b 100644 (file)
--- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
+++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
@@ -213,14 +213,13 @@ cleanup:
 int
 main(int argc, char *argv[])
 {
-
     const char *Token;
     int count;
 
     if (argc < 2) {
         fprintf(stderr, "%s| %s: Error: No proxy server name given\n",
                 LogTime(), PROGRAM);
-        exit(99);
+        return 99;
     }
     if (argc == 3) {
         count = atoi(argv[2]);
@@ -235,7 +234,7 @@ main(int argc, char *argv[])
         fprintf(stdout, "Token: %s\n", Token ? Token : "NULL");
     }
 
-    exit(0);
+    return 0;
 }
 
 #else
@@ -243,7 +242,7 @@ main(int argc, char *argv[])
 int
 main(int argc, char *argv[])
 {
-    exit(-1);
+    return -1;
 }
 
 #endif /* HAVE_GSSAPI */