From 984d87985ca41fed68c41da3c787924178bc4c14 Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Mon, 18 Aug 2014 16:28:27 +0100 Subject: sanity check length os environment variable derived paths (Coverity 1231845) --- gtk/viewdata.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/gtk/viewdata.c b/gtk/viewdata.c index aceb9e0d5..fc7537d80 100644 --- a/gtk/viewdata.c +++ b/gtk/viewdata.c @@ -578,27 +578,38 @@ static char** xdg_data_strvec(void) char **svec; xdg_data_dirs = getenv("XDG_DATA_DIRS"); - if ((xdg_data_dirs == NULL) || (*xdg_data_dirs == 0)) { + if ((xdg_data_dirs == NULL) || + (*xdg_data_dirs == 0) || + (strlen(xdg_data_dirs) > 4096)) { xdg_data_dirs = "/usr/local/share/:/usr/share/"; } xdg_data_home = getenv("XDG_DATA_HOME"); - if ((xdg_data_home == NULL) || (*xdg_data_home == 0)) { + if ((xdg_data_home == NULL) || + (*xdg_data_home == 0) || + (strlen(xdg_data_home) > 4096)) { /* $XDG_DATA_HOME is empty use $HOME/.local/share */ home_dir = getenv("HOME"); - if ((home_dir != NULL) && (*home_dir != 0)) { - xdg_data_size = strlen(home_dir) + SLEN("/.local/share:" ) + strlen(xdg_data_dirs) + 1; + if ((home_dir == NULL) || + (*home_dir == 0) || + (strlen(home_dir) > 4096)) { + xdg_data_path = strdup(xdg_data_dirs); + } else { + xdg_data_size = strlen(home_dir) + + SLEN("/.local/share:") + + strlen(xdg_data_dirs) + 1; xdg_data_path = malloc(xdg_data_size); snprintf(xdg_data_path, xdg_data_size , - "%s/.local/share/:%s", home_dir, xdg_data_dirs); - } else { - xdg_data_path = strdup(xdg_data_dirs); + "%s/.local/share/:%s", + home_dir, xdg_data_dirs); } } else { - xdg_data_size = strlen(xdg_data_home) + strlen(xdg_data_dirs) + 2; + xdg_data_size = strlen(xdg_data_home) + + strlen(xdg_data_dirs) + 2; xdg_data_path = malloc(xdg_data_size); - snprintf(xdg_data_path, xdg_data_size , "%s:%s", xdg_data_home, xdg_data_dirs); + snprintf(xdg_data_path, xdg_data_size , "%s:%s", + xdg_data_home, xdg_data_dirs); } LOG(("%s", xdg_data_path)); -- cgit v1.2.3