From 0063257a2bf4284b50945f337b81db951cfad364 Mon Sep 17 00:00:00 2001
From: Max Horn
Date: Mon, 31 Oct 2005 01:50:51 +0000
Subject: Fix another HOME buffer overflow attack vector

svn-id: r19376
---
 common/config-manager.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'common/config-manager.cpp')

diff --git a/common/config-manager.cpp b/common/config-manager.cpp
index 08edb25240..995d9d601a 100644
--- a/common/config-manager.cpp
+++ b/common/config-manager.cpp
@@ -92,8 +92,9 @@ ConfigManager::ConfigManager() {
 void ConfigManager::loadDefaultConfigFile() {
 	char configFile[MAXPATHLEN];
 #if defined(UNIX)
-	if (getenv("HOME") != NULL)
-		sprintf(configFile,"%s/%s", getenv("HOME"), DEFAULT_CONFIG_FILE);
+	const char *home = getenv("HOME");
+	if (home != NULL && strlen(home) < MAXPATHLEN)
+		snprintf(configFile, MAXPATHLEN, "%s/%s", home, DEFAULT_CONFIG_FILE);
 	else
 		strcpy(configFile, DEFAULT_CONFIG_FILE);
 #else
-- 
cgit v1.2.3