s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer.

Post checks for overflow/error. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon May 18 23:42:57 UTC 2020 on sn-devel-184
author: Jeremy Allison <jra@samba.org> 2020-05-15 12:18:02 -0700
committer: Jeremy Allison <jra@samba.org> 2020-05-18 23:42:57 +0000
commit: dd1f750293ef4361455a5d5b63fc7a89495715b7 (patch)
tree: e65e84d6ee3f6200df2aee206b4543e04c6b985b /lib/util/util_paths.c
parent: f98b766d94a778fa2194f3c46a8302fe697499f0 (diff)
download: samba-dd1f750293ef4361455a5d5b63fc7a89495715b7.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index c05246a7407..c0ee5c32c30 100644
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -73,12 +73,16 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
 
 	rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
 	if (rc != 0 || pwdbuf == NULL ) {
+		int len_written;
 		const char *szPath = getenv("HOME");
 		if (szPath == NULL) {
 			return NULL;
 		}
-		snprintf(buf, sizeof(buf), "%s", szPath);
-
+		len_written = snprintf(buf, sizeof(buf), "%s", szPath);
+		if (len_written >= sizeof(buf) || len_written < 0) {
+			/* Output was truncated or an error. */
+			return NULL;
+		}
 		return talloc_strdup(mem_ctx, buf);
 	}
author	Jeremy Allison <jra@samba.org>	2020-05-15 12:18:02 -0700
committer	Jeremy Allison <jra@samba.org>	2020-05-18 23:42:57 +0000
commit	dd1f750293ef4361455a5d5b63fc7a89495715b7 (patch)
tree	e65e84d6ee3f6200df2aee206b4543e04c6b985b /lib/util/util_paths.c
parent	f98b766d94a778fa2194f3c46a8302fe697499f0 (diff)
download	samba-dd1f750293ef4361455a5d5b63fc7a89495715b7.tar.gz