From b6036e23b0477be147211b4e21a6b49cd4d6c9a0 Mon Sep 17 00:00:00 2001

From: Jamie Bainbridge <jamie.bainbridge@gmail.com>

Date: Wed, 8 Sep 2021 12:08:17 +1000

Subject: [PATCH] gutils: Avoid segfault in g_get_user_database_entry

g_get_user_database_entry() uses variable pwd to store the contents of

the call to getpwnam_r(), then capitalises the first letter of pw_name

with g_ascii_toupper (pw->pw_name[0]).

However, as per the getpwnam manpage, the result of that call "may point

to a static area". When this happens, GLib is trying to edit static

memory which belongs to a shared library, so segfaults.

Instead, copy pw_name off to a temporary variable, set uppercase on

that variable, and use the variable to join into the desired string.

Free the new variable after it is no longer needed.

Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>

---

 glib/gutils.c | 7 +++++--

 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/glib/gutils.c b/glib/gutils.c

index b7a2113d4..4bccd7229 100644

--- a/glib/gutils.c

+++ b/glib/gutils.c

@@ -692,14 +692,17 @@ g_get_user_database_entry (void)

               {

                 gchar **gecos_fields;

                 gchar **name_parts;

+                gchar *uppercase_pw_name;

                 /* split the gecos field and substitute '&' */

                 gecos_fields = g_strsplit (pw->pw_gecos, ",", 0);

                 name_parts = g_strsplit (gecos_fields[0], "&", 0);

-                pw->pw_name[0] = g_ascii_toupper (pw->pw_name[0]);

-                e.real_name = g_strjoinv (pw->pw_name, name_parts);

+                uppercase_pw_name = g_strdup (pw->pw_name);

+                uppercase_pw_name[0] = g_ascii_toupper (uppercase_pw_name[0]);

+                e.real_name = g_strjoinv (uppercase_pw_name, name_parts);

                 g_strfreev (gecos_fields);

                 g_strfreev (name_parts);

+                g_free (uppercase_pw_name);

               }

 #endif

-- 

GitLab