Package: pms Version: 0.42-1+b3 Severity: important Dear Maintainer,
I have a mpd instance with password, but pms was not configured for it yet. I ran pms from dmenu_run instead of a terminal. The result was an infinite loop on the password prompt. This gets logged to .xsession-errors. This filled my disk which is how I found out.
Attached is a patch that causes pms to exit if fgets() returns a null string (not just an empty string). This prevents the infinite loop in my case but seems to still allow pms to prompt indefinitely when run properly from a terminal.
-- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages pms depends on: ii libc6 2.28-7 ii libgcc1 1:8.2.0-21 ii libglib2.0-0 2.58.3-1 ii libncursesw6 6.1+20181013-2 ii libstdc++6 8.2.0-21 ii libtinfo6 6.1+20181013-2 Versions of packages pms recommends: ii mpd 0.21.4-1+b1 pms suggests no packages. -- no debconf information
diff --git a/src/pms.cpp b/src/pms.cpp index 2c60585..4c8e798 100644 --- a/src/pms.cpp +++ b/src/pms.cpp @@ -471,7 +471,8 @@ Pms::main() printf(_("This mpd server requires a password.\n")); printf(_("Password: ")); - fgets(pass, 512, stdin) ? 1 : 0; //ternary here is a hack to get rid of a warn_unused_result warning + if (fgets(pass, 512, stdin) == 0) + return PMS_EXIT_BADPASS; if (pass[strlen(pass)-1] == '\n') { pass[strlen(pass)-1] = '\0'; }