From 2be3432290c782092c080a137032c2bd5b555740 Mon Sep 17 00:00:00 2001
From: Doug Torrance <dtorrance@piedmont.edu>
Date: Fri, 21 Aug 2015 02:20:20 -0400
Subject: [PATCH] wmfsm: Handle errors related to the HOME environment
 variable.

In particular, if HOME is undefined, then a segmentation fault will occur.
Also, if HOME is at least 245 characters, then a buffer overflow will occur.
We check for these conditions and exit with an error message instead.

Patch obtained from Debian package [1].

[1] https://sources.debian.net/src/wmfsm/0.35-1/debian/patches/handle_HOME_errors.patch/
---
 wmfsm/wmfsm/wmfsm.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/wmfsm/wmfsm/wmfsm.c b/wmfsm/wmfsm/wmfsm.c
index 3032b76..10c4bae 100644
--- a/wmfsm/wmfsm/wmfsm.c
+++ b/wmfsm/wmfsm/wmfsm.c
@@ -565,6 +565,7 @@ excludeFileSystems()
 {
 	char confFileName[255];
 	char workString[255];
+	char *home;
 	int i, j, exnumberfs = 0;
 	int excluded, finalnumberfs = 0;
 	char *mount_points[100];
@@ -572,7 +573,17 @@ excludeFileSystems()
 	int include = -1;
 	int included = 0;
 
-	strncpy(confFileName, (char *) getenv("HOME"), 245);
+	home = getenv("HOME");
+	if (home == NULL) {
+		fprintf(stderr, "error: HOME must be defined\n");
+		exit(1);
+	}
+	if (strlen(home) > 244) {
+		fprintf(stderr,
+			"error: HOME may not be longer than 244 characters\n");
+		exit(1);
+	}
+	strncpy(confFileName, home, 245);
 	strcat(confFileName, "/.wmfsmrc");
 	confFile = fopen(confFileName, "r");
 	if (confFile) {