mirror of
https://github.com/nextcloud/desktop.git
synced 2024-10-29 00:26:33 +03:00
misc: Correctly handle getenv().
The returned string of getenv() has an unknown size. You need to store the result always in a char array with a certain size to make sure we don't feed tainted data to the next function call.
This commit is contained in:
parent
457086c63e
commit
fdb2fe3ef9
1 changed files with 10 additions and 6 deletions
|
@ -86,24 +86,28 @@ char *csync_get_local_username(void) {
|
|||
#endif /* NSS_BUFLEN_PASSWD */
|
||||
|
||||
char *csync_get_user_home_dir(void) {
|
||||
char *szPath = NULL;
|
||||
char home[PATH_MAX] = {0};
|
||||
const char *envp;
|
||||
struct passwd pwd;
|
||||
struct passwd *pwdbuf;
|
||||
char buf[NSS_BUFLEN_PASSWD];
|
||||
int rc;
|
||||
|
||||
szPath = getenv("HOME");
|
||||
if( szPath ) {
|
||||
return c_strdup(szPath);
|
||||
envp = getenv("HOME");
|
||||
if (envp != NULL) {
|
||||
snprintf(home, sizeof(home), "%s", envp);
|
||||
if (home[0] != '\0') {
|
||||
return c_strdup(home);
|
||||
}
|
||||
}
|
||||
|
||||
/* Still nothing found, read the password file */
|
||||
rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
|
||||
if (rc != 0) {
|
||||
szPath = c_strdup(pwd.pw_dir);
|
||||
return c_strdup(pwd.pw_dir);
|
||||
}
|
||||
|
||||
return szPath;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
char *csync_get_local_username(void) {
|
||||
|
|
Loading…
Reference in a new issue