From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 30 Nov 2012 13:31:18 +0000 (-0700)
Subject: negotiate_kerberos_auth: better bounds checking
X-Git-Tag: SQUID_3_2_4~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b606e32f2342cac7d06b05a6a48c4a88deabb4f;p=thirdparty%2Fsquid.git

negotiate_kerberos_auth: better bounds checking

* sysconf() may return -N values on some platforms or values larger than
  the hard-coded 1024 buffer size for hostname. Use sizeof() instead
  since the buffer is hardcoded anyway.

* also, use return instead of exit() on the test binary to reduce
  warnings from static analysis compilers.

 Detected by Coverity Scan. Issues 740392, 740484
---

diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
index e383387412..94f73542ed 100644
--- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
+++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
@@ -119,7 +119,7 @@ gethost_name(void)
     struct addrinfo *hres = NULL, *hres_list;
     int rc, count;
 
-    rc = gethostname(hostname, sysconf(_SC_HOST_NAME_MAX));
+    rc = gethostname(hostname, sizeof(hostname)-1);
     if (rc) {
         fprintf(stderr, "%s| %s: ERROR: resolving hostname '%s' failed\n",
                 LogTime(), PROGRAM, hostname);
@@ -148,7 +148,7 @@ gethost_name(void)
         return NULL;
     }
     freeaddrinfo(hres);
-    hostname[sysconf(_SC_HOST_NAME_MAX) - 1] = '\0';
+    hostname[sizeof(hostname)-1] = '\0';
     return (xstrdup(hostname));
 }
 
diff --git a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
index 4660bdc850..5b737df44b 100644
--- a/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
+++ b/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc
@@ -213,14 +213,13 @@ cleanup:
 int
 main(int argc, char *argv[])
 {
-
     const char *Token;
     int count;
 
     if (argc < 2) {
         fprintf(stderr, "%s| %s: Error: No proxy server name given\n",
                 LogTime(), PROGRAM);
-        exit(99);
+        return 99;
     }
     if (argc == 3) {
         count = atoi(argv[2]);
@@ -235,7 +234,7 @@ main(int argc, char *argv[])
         fprintf(stdout, "Token: %s\n", Token ? Token : "NULL");
     }
 
-    exit(0);
+    return 0;
 }
 
 #else
@@ -243,7 +242,7 @@ main(int argc, char *argv[])
 int
 main(int argc, char *argv[])
 {
-    exit(-1);
+    return -1;
 }
 
 #endif /* HAVE_GSSAPI */