From fdb2fe3ef904ac28516d4f6acba1368c1d9fecdd Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Tue, 5 Mar 2013 10:24:34 +0100
Subject: [PATCH] misc: Correctly handle getenv().
The returned string of getenv() has an unknown size. You need to store the result always in a char array with a certain size to make sure we don't feed tainted data to the next function call.
---
 src/csync_misc.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/csync_misc.c b/src/csync_misc.c
index 5aa8c3d7f..3b13ca9d5 100644
--- a/src/csync_misc.c
+++ b/src/csync_misc.c
@@ -86,24 +86,28 @@ char *csync_get_local_username(void) {
 #endif /* NSS_BUFLEN_PASSWD */
 char *csync_get_user_home_dir(void) {
- char *szPath = NULL;
+ char home[PATH_MAX] = {0};
+ const char *envp;
 struct passwd pwd;
 struct passwd *pwdbuf;
 char buf[NSS_BUFLEN_PASSWD];
 int rc;
- szPath = getenv("HOME");
- if( szPath ) {
- return c_strdup(szPath);
+ envp = getenv("HOME");
+ if (envp != NULL) {
+ snprintf(home, sizeof(home), "%s", envp);
+ if (home[0] != '\0') {
+ return c_strdup(home);
+ }
 }
 /* Still nothing found, read the password file */
 rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
 if (rc != 0) {
- szPath = c_strdup(pwd.pw_dir);
+ return c_strdup(pwd.pw_dir);
 }
- return szPath;
+ return NULL;
 }
 char *csync_get_local_username(void) {
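Review bot: The passwd fallback in csync_get_user_home_dir() still tests `if (rc != 0)`, so the new `return c_strdup(pwd.pw_dir);` runs only when getpwuid_r() has failed and `pwd` was never filled in, while a successful lookup falls through to `return NULL`. getpwuid_r() returns 0 on success and sets `pwdbuf` to NULL when no entry matches, so the guard should read `if (rc == 0 && pwdbuf != NULL) {`. Separately, the `snprintf()` into `home` silently truncates a HOME value longer than PATH_MAX - 1, and the shortened path is then returned as if it were valid. Checking the result, e.g. `rc = snprintf(home, sizeof(home), "%s", envp);` followed by `if (rc > 0 && (size_t)rc < sizeof(home)) {`, would let an over-long or empty value fall through to the passwd lookup instead.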