Package: pms
Version: 0.42-1+b3
Severity: important
Dear Maintainer,
I have a mpd instance with password, but pms was not configured for it
yet. I ran pms from dmenu_run instead of a terminal. The result was an
infinite loop on the password prompt. This gets logged to
.xsession-errors. This filled my disk which is how I found out.
Attached is a patch that causes pms to exit if fgets() returns a null
string (not just an empty string). This prevents the infinite loop in
my case but seems to still allow pms to prompt indefinitely when run
properly from a terminal.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pms depends on:
ii libc6 2.28-7
ii libgcc1 1:8.2.0-21
ii libglib2.0-0 2.58.3-1
ii libncursesw6 6.1+20181013-2
ii libstdc++6 8.2.0-21
ii libtinfo6 6.1+20181013-2
Versions of packages pms recommends:
ii mpd 0.21.4-1+b1
pms suggests no packages.
-- no debconf information
diff --git a/src/pms.cpp b/src/pms.cpp
index 2c60585..4c8e798 100644
--- a/src/pms.cpp
+++ b/src/pms.cpp
@@ -471,7 +471,8 @@ Pms::main()
printf(_("This mpd server requires a password.\n"));
printf(_("Password: "));
- fgets(pass, 512, stdin) ? 1 : 0; //ternary here is a hack to get rid of a warn_unused_result warning
+ if (fgets(pass, 512, stdin) == 0)
+ return PMS_EXIT_BADPASS;
if (pass[strlen(pass)-1] == '\n') {
pass[strlen(pass)-1] = '\0';
}
