In particular, if HOME is undefined, then a segmentation fault will occur. Also, if HOME is at least 245 characters, then a buffer overflow will occur. We check for these conditions and exit with an error message instead.
Patch obtained from Debian package [1]. [1] https://sources.debian.net/src/wmfsm/0.35-1/debian/patches/handle_HOME_errors.patch/ --- wmfsm/wmfsm/wmfsm.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/wmfsm/wmfsm/wmfsm.c b/wmfsm/wmfsm/wmfsm.c index 3032b76..10c4bae 100644 --- a/wmfsm/wmfsm/wmfsm.c +++ b/wmfsm/wmfsm/wmfsm.c @@ -565,6 +565,7 @@ excludeFileSystems() { char confFileName[255]; char workString[255]; + char *home; int i, j, exnumberfs = 0; int excluded, finalnumberfs = 0; char *mount_points[100]; @@ -572,7 +573,17 @@ excludeFileSystems() int include = -1; int included = 0; - strncpy(confFileName, (char *) getenv("HOME"), 245); + home = getenv("HOME"); + if (home == NULL) { + fprintf(stderr, "error: HOME must be defined\n"); + exit(1); + } + if (strlen(home) > 244) { + fprintf(stderr, + "error: HOME may not be longer than 244 characters\n"); + exit(1); + } + strncpy(confFileName, home, 245); strcat(confFileName, "/.wmfsmrc"); confFile = fopen(confFileName, "r"); if (confFile) { -- 2.1.4 -- To unsubscribe, send mail to wmaker-dev-unsubscr...@lists.windowmaker.org.
