From f670cae69d85a8bfc14ab7d9cd38ab0e568e6929 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 10 Dec 2012 14:06:32 +0100
Subject: [PATCH] s3-utils: Correctly handle getenv() for the later system()
 call.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The returned string of getenv() has an unknown size. You need to store
the result always in a char array with a certain size to make sure we
don't feed tainted data to the next function call.

Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---
 source3/utils/interact.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/source3/utils/interact.c b/source3/utils/interact.c
index 39ec7071760..6d753dd012e 100644
--- a/source3/utils/interact.c
+++ b/source3/utils/interact.c
@@ -31,16 +31,19 @@
 #include <termios.h>
 
 static const char* get_editor(void) {
-	static const char* editor = NULL;
-	if (editor == NULL) {
-		editor = getenv("VISUAL");
-		if (editor == NULL) {
-			editor = getenv("EDITOR");
+	static char editor[64] = {0};
+
+	if (editor[0] == '\0') {
+		const char *tmp = getenv("VISUAL");
+		if (tmp == NULL) {
+			tmp = getenv("EDITOR");
 		}
-		if (editor == NULL) {
-			editor = "vi";
+		if (tmp == NULL) {
+			tmp = "vi";
 		}
+		snprintf(editor, sizeof(editor), "%s", tmp);
 	}
+
 	return editor;
 }
 
-- 
2.11.4.GIT