mirrors/nextcloud-desktop
1
0
Fork 0
mirror of https://github.com/nextcloud/desktop.git synced 2024-10-29 00:26:33 +03:00
Code Issues Projects Releases Packages Wiki Activity

misc: Correctly handle getenv().

Browse source 
The returned string of getenv() has an unknown size. You need to store
the result always in a char array with a certain size to make sure we
don't feed tainted data to the next function call.
This commit is contained in:
Andreas Schneider 2013-03-05 10:24:34 +01:00
parent 457086c63e
commit fdb2fe3ef9
1 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/csync_misc.c
View file

@ -86,24 +86,28 @@ char *csync_get_local_username(void) {
#endif /* NSS_BUFLEN_PASSWD */ #endif /* NSS_BUFLEN_PASSWD */
char *csync_get_user_home_dir(void) { char *csync_get_user_home_dir(void) {
char *szPath = NULL; char home[PATH_MAX] = {0};
const char *envp;
struct passwd pwd; struct passwd pwd;
struct passwd *pwdbuf; struct passwd *pwdbuf;
char buf[NSS_BUFLEN_PASSWD]; char buf[NSS_BUFLEN_PASSWD];
int rc; int rc;
szPath = getenv("HOME"); envp = getenv("HOME");
if( szPath ) { if (envp != NULL) {
return c_strdup(szPath); snprintf(home, sizeof(home), "%s", envp);
if (home[0] != '\0') {
return c_strdup(home);
}
} }
/* Still nothing found, read the password file */ /* Still nothing found, read the password file */
rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf); rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
if (rc != 0) { if (rc != 0) {
szPath = c_strdup(pwd.pw_dir); return c_strdup(pwd.pw_dir);
} }
return szPath; return NULL;
} }
char *csync_get_local_username(void) { char *csync_get_local_username(void) {