------------------------------------------------------------
revno: 12410
revision-id: squid3@treenet.co.nz-20121124035321-6d8uj097tfhnlzjz
parent: squid3@treenet.co.nz-20121124035254-g4yh4vx3esoyf1d6
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.3
timestamp: Fri 2012-11-23 20:53:21 -0700
message:
  negotiate_kerberos_auth: better bounds checking
  
  * sysconf() may return -N values on some platforms or values larger than
    the hard-coded 1024 buffer size for hostname. Use sizeof() instead
    since the buffer is hardcoded anyway.
  
  * also, use return instead of exit() on the test binary to reduce
    warnings from static analysis compilers.
  
   Detected by Coverity Scan. Issues 740392, 740484
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20121124035321-6d8uj097tfhnlzjz
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# testament_sha1: 1cb5f441228ed4caaf6ea9ef76590d606e3f2de7
# timestamp: 2012-11-24 03:53:49 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# base_revision_id: squid3@treenet.co.nz-20121124035254-\
#   g4yh4vx3esoyf1d6
# 
# Begin patch
=== modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc'
--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc	2012-08-28 13:00:30 +0000
+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc	2012-11-24 03:53:21 +0000
@@ -119,7 +119,7 @@
     struct addrinfo *hres = NULL, *hres_list;
     int rc, count;
 
-    rc = gethostname(hostname, sysconf(_SC_HOST_NAME_MAX));
+    rc = gethostname(hostname, sizeof(hostname)-1);
     if (rc) {
         fprintf(stderr, "%s| %s: ERROR: resolving hostname '%s' failed\n",
                 LogTime(), PROGRAM, hostname);
@@ -148,7 +148,7 @@
         return NULL;
     }
     freeaddrinfo(hres);
-    hostname[sysconf(_SC_HOST_NAME_MAX) - 1] = '\0';
+    hostname[sizeof(hostname)-1] = '\0';
     return (xstrdup(hostname));
 }
 

=== modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc'
--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc	2012-07-02 12:14:07 +0000
+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth_test.cc	2012-11-24 03:53:21 +0000
@@ -213,14 +213,13 @@
 int
 main(int argc, char *argv[])
 {
-
     const char *Token;
     int count;
 
     if (argc < 2) {
         fprintf(stderr, "%s| %s: Error: No proxy server name given\n",
                 LogTime(), PROGRAM);
-        exit(99);
+        return 99;
     }
     if (argc == 3) {
         count = atoi(argv[2]);
@@ -235,7 +234,7 @@
         fprintf(stdout, "Token: %s\n", Token ? Token : "NULL");
     }
 
-    exit(0);
+    return 0;
 }
 
 #else
@@ -243,7 +242,7 @@
 int
 main(int argc, char *argv[])
 {
-    exit(-1);
+    return -1;
 }
 
 #endif /* HAVE_GSSAPI */