diff options
| author | Peter Baumann <p.baumann@jacobs-university.de> | 2010-08-29 19:05:06 +0200 |
|---|---|---|
| committer | www-data <www-data@ubuntu.localdomain> | 2010-10-31 12:58:56 +0100 |
| commit | e604924aaff2386337f2df4825ba3873153ec12f (patch) | |
| tree | 3524aa2dbe2ea9e3f2b477ca4b157cedfd807ca8 | |
| parent | 7e98f5d063388493423ff73d347a91544bfa75af (diff) | |
| download | rasdaman-upstream-e604924aaff2386337f2df4825ba3873153ec12f.tar.gz rasdaman-upstream-e604924aaff2386337f2df4825ba3873153ec12f.tar.xz rasdaman-upstream-e604924aaff2386337f2df4825ba3873153ec12f.zip | |
cured possible file name oflo in rasmgr auth file
| -rw-r--r-- | rasmgr/rasmgr_users.cc | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/rasmgr/rasmgr_users.cc b/rasmgr/rasmgr_users.cc index 10a3ebb..fd1d2c7 100644 --- a/rasmgr/rasmgr_users.cc +++ b/rasmgr/rasmgr_users.cc @@ -363,8 +363,12 @@ bool UserManager::acceptChangeName(const char *oldName,const char *newName) Authorization::Authorization() { inConfigFile=false; - authFileName[0]=0; - strcat(authFileName,"rasmgr_auth.dat"); + int pathLen = snprintf( authFileName, FILENAME_MAX, "%s/%s", CONFDIR, "rasmgr_auth.dat" ); + if (pathLen >= FILENAME_MAX) + { + authFileName[FILENAME_MAX-1] = '\0'; // force-terminate string before printing + cerr << "Warning: authentication file path longer than allowed by OS, file likely cannot be accessed: " << authFileName << endl; + } globalInitAdminRight=admR_none; globalInitDatabRight=dbR_none; } @@ -814,7 +818,8 @@ bool Authorization::saveOrigAuthFile() bool Authorization::saveAltAuthFile() { bool result = true; - char origFileName[ sizeof(authFileName) ]; // temp copy of origFileName + const char *tempfileTemplate = ".XXXXXX"; // 6 * 'X', see man mkstemp() + char origFileName[ sizeof(authFileName) + sizeof(tempfileTemplate) ]; // temp copy of auth file ENTER( "Authorization::saveAltAuthFile: enter." ); @@ -823,10 +828,10 @@ bool Authorization::saveAltAuthFile() // build temp file by appending a unique string (void) strcpy( altAuthFileName, authFileName ); - (void) strcat( altAuthFileName, ".XXXXXX" ); // 6 * 'X', see man mkstemp() + (void) strcat( altAuthFileName, tempfileTemplate ); - int altFile = mkstemp( altAuthFileName ); // replaces the Xs by unique string - if (altFile < 0) // error in creating file name + int altFile = mkstemp( altAuthFileName ); // replaces the Xs by some unique string; checks for FILENAME_MAX oflo + if (altFile < 0) // error in creating file name { int tempError = errno; TALK( "Authorization::saveAltAuthFile: error creating alternate file name: " << strerror(tempError) ); |