Check $HOME and home dir of $USER before getpwuid()->pw_dir

getpwnam(3) recommends to use $HOME instead of getpwuid()->pw_dir, as it allows users to point programs to a different path. Using getpwuid() also breaks namespaces-related use cases, like `unshare -r`. Patch was submitted by Dmitry Bogatov on the Debian bug tracker: https://bugs.debian.org/825397 Signed-off-by: Christoph Lohmann <20h@r-36.net>
2016-05-29 11:56:51 +02:00 · 2016-05-29 11:56:51 +02:00 · cee8f0186c
parent 3530d18d8e
commit cee8f0186c
1 changed files with 36 additions and 7 deletions
--- a/surf.c
+++ b/surf.c
@ -350,29 +350,58 @@ buildfile(const char *path)
 	return fpath;
 }
 static const char*
 get_user_homedir(const char *user) {
 	struct passwd *pw = getpwnam(user);
 	if (!pw) {
 		die("Can't get user `%s' home directory.\n", user);
 	}
 	return pw->pw_dir;
 }
 static const char*
 get_current_user_homedir() {
 	const char *homedir;
 	const char *user;
 	struct passwd *pw;
 	homedir = getenv("HOME");
 	if (homedir) {
 		return homedir;
 	}
 	user = getenv("USER");
 	if (user) {
 		return get_user_homedir(user);
 	}
 	pw = getpwuid(getuid());
 	if (!pw) {
 		die("Can't get current user home directory\n");
 	}
 	return pw->pw_dir;
 }
 char *
 buildpath(const char *path)
 {
 	struct passwd *pw;
 	char *apath, *name, *p, *fpath;
 	if (path[0] == '~') {
 		const char *homedir;
 		if (path[1] == '/' || path[1] == '\0') {
 			p = (char *)&path[1];
-			pw = getpwuid(getuid());
+			homedir = get_current_user_homedir();
 		} else {
 			if ((p = strchr(path, '/')))
 				name = g_strndup(&path[1], --p - path);
 			else
 				name = g_strdup(&path[1]);
-			if (!(pw = getpwnam(name))) {
+			homedir = get_user_homedir(name);
 				die("Can't get user %s home directory: %s.\n",
 				    name, path);
 			}
 			g_free(name);
 		}
-		apath = g_build_filename(pw->pw_dir, p, NULL);
+		apath = g_build_filename(homedir, p, NULL);
 	} else {
 		apath = g_strdup(path);
 	}