pullup from 1.2-beta4

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12499 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 44 insertions, 24 deletions

diff --git a/src/windows/cns/ChangeLog b/src/windows/cns/ChangeLog
index f99c56a..b420e42 100644
--- a/src/windows/cns/ChangeLog
+++ b/src/windows/cns/ChangeLog
@@ -1,3 +1,12 @@
+2000-05-08  Ken Raeburn  <raeburn@mit.edu>
+	    Nalin Dahyabhai  <nalin@redhat.com>
+	
+	* cns.c (kwin_push_login): Don't overflow buffer "fullname".
+	(kwin_command): Don't overflow buffer "copyright".
+	* cns_reg.c (cns_load_registry): Don't overflow buffer
+	"cns_res.def_confname".
+	* tktlist.c (ticket_init_list): Don't overflow buffer "buf".
+
 1999-12-03  Danilo Almeida  <dalmeida@mit.edu>
 
 	* Makefile.in: Windows fix for updated win-pre.in.
diff --git a/src/windows/cns/cns.c b/src/windows/cns/cns.c
index 7af81fc..512f2f5 100644
--- a/src/windows/cns/cns.c
+++ b/src/windows/cns/cns.c
@@ -384,12 +384,13 @@ kwin_push_login(HWND hwnd, char *name, char *instance, char *realm)
   char menuitem[MAX_K_NAME_SZ + 3];
   BOOL rc;
 
-  strcpy(fullname, "&x ");
-  strcat(fullname, name);
-  strcat(fullname, ".");
-  strcat(fullname, instance);
-  strcat(fullname, "@");
-  strcat(fullname, realm);
+  fullname[sizeof(fullname) - 1] = '\0';
+  strncpy(fullname, "&x ", sizeof(fullname) - 1);
+  strncat(fullname, name, sizeof(fullname) - 1 - strlen(fullname));
+  strncat(fullname, ".", sizeof(fullname) - 1 - strlen(fullname));
+  strncat(fullname, instance, sizeof(fullname) - 1 - strlen(fullname));
+  strncat(fullname, "@", sizeof(fullname) - 1 - strlen(fullname));
+  strncat(fullname, realm, sizeof(fullname) - 1 - strlen(fullname));
 
   hmenu = GetMenu(hwnd);
   assert(hmenu != NULL);
@@ -1339,14 +1340,16 @@ kwin_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify)
     strcpy(copyright, "        Kerberos V5 for Windows ");
 #endif
 #ifdef _WIN32
-    strcat(copyright, "32-bit\n");
+    strncat(copyright, "32-bit\n", sizeof(copyright) - 1 - strlen(copyright));
 #else
-    strcat(copyright, "16-bit\n");
+    strncat(copyright, "16-bit\n", sizeof(copyright) - 1 - strlen(copyright));
 #endif
-    strcat(copyright, "\n                Version 1.12\n\n");
+    strncat(copyright, "\n                Version 1.12\n\n",
+            sizeof(copyright) - 1 - strlen(copyright));
 #ifdef ORGANIZATION
-    strcat(copyright, "          For information, contact:\n");
-    strcat(copyright, ORGANIZATION);
+    strncat(copyright, "          For information, contact:\n",
+	    sizeof(copyright) - 1 - strlen(copyright));
+    strncat(copyright, ORGANIZATION, sizeof(copyright) - 1 - strlen(copyright));
 #endif
     MessageBox(hwnd, copyright, KWIN_DIALOG_NAME, MB_OK);
 
@@ -1469,8 +1472,9 @@ kwin_paint(HWND hwnd)
       sprintf(buf, "%s - %ld hr", KWIN_DIALOG_NAME, dt);
     }
 
+    buf[sizeof(buf) - 1] = '\0';
     if (dt > 1)
-      strcat(buf, "s");
+      strncat(buf, "s", sizeof(buf) - 1 - strlen(buf));
   }
 
   DrawIcon(hdc, r.left, r.top, hicon);
diff --git a/src/windows/cns/cns_reg.c b/src/windows/cns/cns_reg.c
index 400d72d..160eb15 100644
--- a/src/windows/cns/cns_reg.c
+++ b/src/windows/cns/cns_reg.c
@@ -74,8 +74,12 @@ cns_load_registry(void)
   if (key != INVALID_HANDLE_VALUE) {
 	if (registry_string_get(key, KERBNET_HOME, &ts) == 0) {
 		cns_res.conf_override = 0;
-		strcpy(cns_res.def_confname, ts);
-		strcat(cns_res.def_confname, "\\etc\\krb5.conf");
+		cns_res.def_confname[sizeof(cns_res.def_confname) - 1];
+		strncpy(cns_res.def_confname, ts,
+		        sizeof(cns_res.def_confname) - 1);
+		strncat(cns_res.def_confname, "\\etc\\krb5.conf",
+			sizeof(cns_res.def_confname) - 1 -
+			strlen(cns_res.def_confname));
 		free(ts);
 	  }
 
diff --git a/src/windows/cns/tktlist.c b/src/windows/cns/tktlist.c
index 62b6eb8..5e15201 100644
--- a/src/windows/cns/tktlist.c
+++ b/src/windows/cns/tktlist.c
@@ -122,11 +122,12 @@ ticket_init_list (HWND hwnd)
     krb_get_nth_cred(service, instance, realm, i);
     krb_get_cred(service, instance, realm, &c);
     strcpy(buf, " ");
-    strcat(buf, short_date(c.issue_date - kwin_get_epoch()));
+    strncat(buf, short_date(c.issue_date - kwin_get_epoch()),
+            sizeof(buf) - 1 - strlen(buf));
     expiration = c.issue_date - kwin_get_epoch() + (long) c.lifetime * 5L * 60L;
-    strcat (buf, "      ");
-    strcat(buf, short_date(expiration));
-    strcat (buf, "      ");
+    strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
+    strncat(buf, short_date(expiration), sizeof(buf) - 1 - strlen(buf));
+    strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
     l = strlen(buf);
     sprintf(&buf[l], "%s%s%s%s%s (%d)",
 	    c.service, (c.instance[0] ? "." : ""), c.instance,
@@ -172,10 +173,12 @@ ticket_init_list (HWND hwnd)
       
       ncred++;
       strcpy (buf, "  ");
-      strcat (buf, short_date (c.times.starttime - kwin_get_epoch()));
-      strcat (buf, "      ");
-      strcat (buf, short_date (c.times.endtime - kwin_get_epoch()));
-      strcat (buf, "      ");
+      strncat(buf, short_date (c.times.starttime - kwin_get_epoch()),
+	      sizeof(buf) - 1 - strlen(buf));
+      strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
+      strncat(buf, short_date (c.times.endtime - kwin_get_epoch()),
+	      sizeof(buf) - 1 - strlen(buf));
+      strncat(buf, "      ", sizeof(buf) - 1 - strlen(buf));
       
       /* Add ticket service name and realm */
       code = krb5_unparse_name (k5_context, c.server, &sname);
@@ -183,9 +186,9 @@ ticket_init_list (HWND hwnd)
 	com_err (NULL, code, "while unparsing server name");
 	break;
       }
-      strcat (buf, sname);
+      strncat (buf, sname, sizeof(buf) - 1 - strlen(buf));
 
-      strcat (buf, flags_string (&c)); /* Add flag info */
+      strncat (buf, flags_string (&c), sizeof(buf) - 1 - strlen(buf)); /* Add flag info */
       
       l = strlen(buf);
       lpinfo = (LPTICKETINFO) malloc(sizeof(TICKETINFO) + l + 1);