Commit fa1fbc25 authored by Damjan Georgievski, committed by Aleix Pol Gonzalez

fix off by one in the socket filename

from the snprintf man page:

The functions snprintf() and vsnprintf() do not write more than size bytes (*including* the terminating null byte ('\0')). If
the output was truncated due to this limit, then the return value is the number of characters (*excluding* the terminating null
byte) which would have been written to the final string if enough space had been available. Thus, a return value of size or
more means that the output was truncated.

pam_wallet.c should increase the needed parameter by one, to account for the terminating null byte ('\0')

REVIEW: 129955
parent b94a6ce1
......@@ -408,16 +408,19 @@ static void start_kwallet(pam_handle_t *pamh, struct passwd *userInfo, const cha
char *fullSocket = NULL;
if (socketPath) {
size_t needed = snprintf(NULL, 0, "%s/%s_%s%s", socketPath, socketPrefix, userInfo->pw_name, ".socket");
needed += 1;
fullSocket = malloc(needed);
snprintf(fullSocket, needed, "%s/%s_%s%s", socketPath, socketPrefix, userInfo->pw_name, ".socket");
} else {
socketPath = get_env(pamh, "XDG_RUNTIME_DIR");
if (socketPath) {
size_t needed = snprintf(NULL, 0, "%s/%s%s", socketPath, socketPrefix, ".socket");
needed += 1;
fullSocket = malloc(needed);
snprintf(fullSocket, needed, "%s/%s%s", socketPath, socketPrefix, ".socket");
} else {
size_t needed = snprintf(NULL, 0, "/tmp/%s_%s%s", socketPrefix, userInfo->pw_name, ".socket");
needed += 1;
fullSocket = malloc(needed);
snprintf(fullSocket, needed, "/tmp/%s_%s%s", socketPrefix, userInfo->pw_name, ".socket");
}
......
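Review bot: the pointer returned by `malloc(needed)` is handed straight to the second `snprintf` in all three branches with no NULL check, so an allocation failure makes `snprintf(fullSocket, needed, ...)` write through a NULL pointer; test `fullSocket` after each `malloc` and return before formatting. Related: `snprintf` returns `int` and can return a negative value on an output error, but the result is stored in `size_t needed`, so after `needed += 1` a return of -1 becomes 0 and `malloc(0)` may hand back a non-NULL buffer that the second call never writes or terminates. Taking the return value into an `int`, rejecting negatives, and only then adding one would close that gap. Since the measure, `needed += 1`, allocate, format sequence is now repeated three times, a small helper that does all four steps would keep the terminator accounting in one place.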