author | Corinna Vinschen <corinna@vinschen.de> | 2016-10-23 17:02:24 +0200 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2016-10-23 17:04:55 +0200 |
commit | 526107a7536c3ae8d7de2b38bc668b940f52ca35 (patch) | |
tree | 3f7c04df87d156767b5d46fd859be7c2ae8cff54 /winsup/utils | |
parent | 7d5af6f0ba06d8f1c49912e42a863c09ed6710af (diff) | |
mkgroup/mkpasswd: Fix potential buffer overwrite in corner case
Fixes Coverity CIDs 60076, 60077 and 60081
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diffstat (limited to 'winsup/utils')
-rw-r--r-- | winsup/utils/mkgroup.c | 16 | ||||
-rw-r--r-- | winsup/utils/mkpasswd.c | 8 |
2 files changed, 15 insertions, 9 deletions
diff --git a/winsup/utils/mkgroup.c b/winsup/utils/mkgroup.c
index a9949d5..fc36e27 100644
--- a/winsup/utils/mkgroup.c
+++ b/winsup/utils/mkgroup.c
@@ -296,10 +296,12 @@ enum_local_groups (domlist_t *mach, const char *sep,
 else if (acc_type == SidTypeDomain)
 {
 WCHAR domname[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
+ PWCHAR p;
- wcscpy (domname, domain_name);
- wcscat (domname, L"\\");
- wcscat (domname, buffer[i].lgrpi0_name);
+ p = wcpcpy (domname, domain_name);
+ p = wcpcpy (p, L"\\");
+ p = wcpncpy (p, buffer[i].lgrpi0_name, GNLEN);
+ *p = L'\0';
 sid_length = SECURITY_MAX_SID_SIZE;
 domname_len = MAX_DOMAIN_NAME_LEN + 1;
 if (!LookupAccountNameW (machine, domname,
@@ -434,10 +436,12 @@ enum_groups (domlist_t *mach, const char *sep, DWORD id_offset,
 else if (acc_type == SidTypeDomain)
 {
 WCHAR domname[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
+ PWCHAR p;
- wcscpy (domname, machine);
- wcscat (domname, L"\\");
- wcscat (domname, buffer[i].grpi2_name);
+ p = wcpcpy (domname, machine);
+ p = wcpcpy (p, L"\\");
+ p = wcpncpy (p, buffer[i].grpi2_name, GNLEN);
+ *p = L'\0';
 sid_length = SECURITY_MAX_SID_SIZE;
 domname_len = MAX_DOMAIN_NAME_LEN + 1;
 if (!LookupAccountNameW (machine, domname, psid, &sid_length,
diff --git a/winsup/utils/mkpasswd.c b/winsup/utils/mkpasswd.c
index 27c607f..9562eac 100644
--- a/winsup/utils/mkpasswd.c
+++ b/winsup/utils/mkpasswd.c
@@ -312,10 +312,12 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path,
 else if (acc_type == SidTypeDomain)
 {
 WCHAR domname[MAX_DOMAIN_NAME_LEN + UNLEN + 2];
+ PWCHAR p;
- wcscpy (domname, machine);
- wcscat (domname, L"\\");
- wcscat (domname, buffer[i].usri3_name);
+ p = wcpcpy (domname, machine);
+ p = wcpcpy (p, L"\\");
+ p = wcpncpy (p, buffer[i].usri3_name, UNLEN);
+ *p = L'\0';
 sid_length = SECURITY_MAX_SID_SIZE;
 domname_len = sizeof (domname);
 if (!LookupAccountNameW (machine, domname, psid,
|
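Review bot: The first copy into `domname` is still unbounded: `wcpcpy (domname, domain_name)` writes as many characters as the source holds, and only the last component is capped at GNLEN. The buffer is `MAX_DOMAIN_NAME_LEN + GNLEN + 2` wide, so the size arithmetic holds only if `domain_name` never exceeds MAX_DOMAIN_NAME_LEN characters, which is not established anywhere in this hunk. Bounding it the same way, `p = wcpncpy (domname, domain_name, MAX_DOMAIN_NAME_LEN);`, would make the guarantee local to the block. The same applies to `wcpcpy (domname, machine)` in the enum_groups hunk and in the mkpasswd.c enum_users hunk; all three enclosing functions start and end outside their hunks.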
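Review bot: A name longer than GNLEN is now cut silently by `wcpncpy (p, buffer[i].grpi2_name, GNLEN)`, and the LookupAccountNameW call that follows is made on the shortened string without any indication that it no longer matches the enumerated entry. This is presumably unreachable if the enumeration API never returns longer names, but nothing in the code records that assumption. A comment above the copy, for example `/* Cap the name at GNLEN so domname cannot overflow; a longer name is truncated before the lookup. */`, would document it. The same comment fits the enum_local_groups hunk and, with UNLEN, the enum_users hunk in mkpasswd.c.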
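Review bot: The context line `domname_len = sizeof (domname);` sets a byte count, whereas both mkgroup.c hunks use `MAX_DOMAIN_NAME_LEN + 1` and LookupAccountNameW takes the referenced-domain buffer size in characters. The rest of the call's arguments lie outside the hunk, so which buffer this length describes is not visible here. If it is the domain-name output buffer rather than `domname`, the value overstates that buffer's capacity and leaves an overwrite path this commit does not touch. After confirming the buffer that is passed, consider `domname_len = MAX_DOMAIN_NAME_LEN + 1;` to match mkgroup.c.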