------------------------------------------------------------
revno: 11726
revision-id: squid3@treenet.co.nz-20121130133118-6222astabpfm5c1i
parent: squid3@treenet.co.nz-20121130133040-tert6g50qyzg3c2b
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.2
timestamp: Fri 2012-11-30 06:31:18 -0700
message:
  negotiate_kerberos_auth: better bounds checking
  
  * sysconf() may return -N values on some platforms or values larger than
    the hard-coded 1024 buffer size for hostname. Use sizeof() instead
    since the buffer is hardcoded anyway.
  
  * also, use return instead of exit() on the test binary to reduce
    warnings from static analysis compilers.
  
   Detected by Coverity Scan. Issues 740392, 740484
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20121130133118-6222astabpfm5c1i
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
#   /SQUID_3_2
# testament_sha1: 20710e9376d2caa941d3492d79abdf2719eeb5fe
# timestamp: 2012-11-30 13:41:41 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
#   /SQUID_3_2
# base_revision_id: squid3@treenet.co.nz-20121130133040-\
#   tert6g50qyzg3c2b
# 
# Begin patch
=== modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc'
--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc	2012-02-05 06:09:46 +0000
+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc	2012-11-30 13:31:18 +0000
@@ -119,7 +119,7 @@
     struct addrinfo *hres = NULL, *hres_list;
     int rc, count;
 
-    rc = gethostname(hostname, sysconf(_SC_HOST_NAME_MAX));
+    rc = gethostname(hostname, sizeof(hostname)-1);
     if (rc) {
         fprintf(stderr, "%s| %s: ERROR: resolving hostname '%s' failed\n",
                 LogTime(), PROGRAM, hostname);
@@ -148,7 +148,7 @@
         return NULL;
     }
     freeaddrinfo(hres);
-    hostname[sysconf(_SC_HOST_NAME_MAX) - 1] = '\0';
+    hostname[sizeof(hostname)-1] = '\0';
     return (xstrdup(hostname));
 }
 

=== modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc'
--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc	2012-02-05 06:09:46 +0000
+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc	2012-11-30 13:31:18 +0000
@@ -213,14 +213,13 @@
 int
 main(int argc, char *argv[])
 {
-
     const char *Token;
     int count;
 
     if (argc < 2) {
         fprintf(stderr, "%s| %s: Error: No proxy server name given\n",
                 LogTime(), PROGRAM);
-        exit(99);
+        return 99;
     }
     if (argc == 3) {
         count = atoi(argv[2]);
@@ -235,7 +234,7 @@
         fprintf(stdout, "Token: %s\n", Token ? Token : "NULL");
     }
 
-    exit(0);
+    return 0;
 }
 
 #else
@@ -243,7 +242,7 @@
 int
 main(int argc, char *argv[])
 {
-    exit(-1);
+    return -1;
 }
 
 #endif /* HAVE_GSSAPI */