aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Gould <ted@gould.cx>2012-08-30 08:12:48 +0000
committerTarmac <>2012-08-30 08:12:48 +0000
commit0160c961eb0e5a1ead77bf18d75df56aba34022a (patch)
tree68008a85702e841141662d78ae3d51a44c38179f
parent3c0dce874eeb33720f8b136e661035598689d302 (diff)
parente2d8b821e5047519f673462b6301e8d19ad170ce (diff)
downloadlightdm-remote-session-arctica-0160c961eb0e5a1ead77bf18d75df56aba34022a.tar.gz
lightdm-remote-session-arctica-0160c961eb0e5a1ead77bf18d75df56aba34022a.tar.bz2
lightdm-remote-session-arctica-0160c961eb0e5a1ead77bf18d75df56aba34022a.zip
Checking return values and enabling PIE to increase security. Fixes: https://bugs.launchpad.net/bugs/1039636. Approved by Albert Astals Cid, jenkins.
-rw-r--r--Makefile.am5
-rw-r--r--socket-sucker.c14
2 files changed, 16 insertions, 3 deletions
diff --git a/Makefile.am b/Makefile.am
index df8fa8e..bf4b300 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -22,6 +22,11 @@ pkglibexec_PROGRAMS = \
socket-sucker
socket_sucker_SOURCES = \
socket-sucker.c
+socket_sucker_CFLAGS = \
+ -Wall -Werror \
+ -fPIE
+socket_sucker_LDFLAGS = \
+ -pie
EXTRA_DIST = \
$(pam_session_DATA) \
diff --git a/socket-sucker.c b/socket-sucker.c
index 7a1e82f..35424a6 100644
--- a/socket-sucker.c
+++ b/socket-sucker.c
@@ -41,7 +41,12 @@ main (int argc, char * argv[])
}
serv_addr.sun_family = AF_UNIX;
- snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path), "%s/%s", home, ".freerdp-socket");
+
+ int printsize = snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path) - 1, "%s/%s", home, ".freerdp-socket");
+ if (printsize > sizeof(serv_addr.sun_path) - 1 || printsize < 0) {
+ return -1;
+ }
+
servlen = strlen(serv_addr.sun_path) + sizeof(serv_addr.sun_family);
if ((socket_fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
@@ -57,11 +62,14 @@ main (int argc, char * argv[])
int out = 0;
in = read(socket_fd, buffer, BUFFER_SIZE);
- out = write(1, buffer, in);
+
+ if (in > 0) {
+ out = write(1, buffer, in);
+ }
close(socket_fd);
- if (in == 0) {
+ if (in > 0 && out > 0) {
return 0;
} else {
return -1;