mkgroup/mkpasswd: Fix potential buffer overwrite in corner case

Fixes Coverity CIDs 60076, 60077 and 60081 Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2016-10-23 17:02:24 +02:00
parent 7d5af6f0ba
commit 526107a753
2 changed files with 15 additions and 9 deletions
--- a/winsup/utils/mkpasswd.c
+++ b/winsup/utils/mkpasswd.c
@@ -312,10 +312,12 @@ enum_users (domlist_t *mach, const char *sep, const char *passed_home_path,
 	  else if (acc_type == SidTypeDomain)
 	    {
 	      WCHAR domname[MAX_DOMAIN_NAME_LEN + UNLEN + 2];
+	      PWCHAR p;

-	      wcscpy (domname, machine);
-	      wcscat (domname, L"\\");
-	      wcscat (domname, buffer[i].usri3_name);
+	      p = wcpcpy (domname, machine);
+	      p = wcpcpy (p, L"\\");
+	      p = wcpncpy (p, buffer[i].usri3_name, UNLEN);
+	      *p = L'\0';
 	      sid_length = SECURITY_MAX_SID_SIZE;
 	      domname_len = sizeof (domname);
 	      if (!LookupAccountNameW (machine, domname, psid,