The branch, master has been updated
       via  dd1f750293e s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer.
      from  f98b766d94a gitlab-ci: Add new runner for samba-admem-fips
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit dd1f750293ef4361455a5d5b63fc7a89495715b7 Author: Jeremy Allison <j...@samba.org> Date: Fri May 15 12:18:02 2020 -0700 s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a getenv() pointer. Post checks for overflow/error. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Mon May 18 23:42:57 UTC 2020 on sn-devel-184 ----------------------------------------------------------------------- Summary of changes: lib/util/util_paths.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c index c05246a7407..c0ee5c32c30 100644 --- a/lib/util/util_paths.c +++ b/lib/util/util_paths.c @@ -73,12 +73,16 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx) rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf); if (rc != 0 || pwdbuf == NULL ) { + int len_written; const char *szPath = getenv("HOME"); if (szPath == NULL) { return NULL; } - snprintf(buf, sizeof(buf), "%s", szPath); - + len_written = snprintf(buf, sizeof(buf), "%s", szPath); + if (len_written >= sizeof(buf) || len_written < 0) { + /* Output was truncated or an error. */ + return NULL; + } return talloc_strdup(mem_ctx, buf); } -- Samba Shared Repository
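Review bot: In the added check `if (len_written >= sizeof(buf) || len_written < 0)` in get_user_home_dir(), the first comparison mixes the signed int len_written with the size_t from sizeof(buf). A negative return is converted to a large unsigned value, so the error case is caught by the first clause only as a side effect of that conversion, and the line will trigger -Wsign-compare. Test the error case first and make the conversion explicit: `if (len_written < 0 || (size_t)len_written >= sizeof(buf))`. Separately, buf is only an intermediate here, since the result goes straight to `talloc_strdup(mem_ctx, buf)`; duplicating szPath directly would remove the fixed-size copy and the truncation case altogether. If the copy stays, the comment should say that an over-long HOME now yields NULL rather than a truncated path, so that the behaviour is documented for callers.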