s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer from a...

Post checks for overflow/error.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 18 23:42:57 UTC 2020 on sn-devel-184

diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index c05246a7407fa3a61ff0f7f79bc5aeab1d181a29..c0ee5c32c302f4c1a1c688d05c0592ac76414025 100644 (file)
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -73,12 +73,16 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
 
        rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
        if (rc != 0 || pwdbuf == NULL ) {
+               int len_written;
                const char *szPath = getenv("HOME");
                if (szPath == NULL) {
                        return NULL;
                }
-               snprintf(buf, sizeof(buf), "%s", szPath);
-
+               len_written = snprintf(buf, sizeof(buf), "%s", szPath);
+               if (len_written >= sizeof(buf) || len_written < 0) {
+                       /* Output was truncated or an error. */
+                       return NULL;
+               }
                return talloc_strdup(mem_ctx, buf);
        }