summaryrefslogtreecommitdiffstats
path: root/common
AgeCommit message (Collapse)AuthorFilesLines
2013-07-15userpref: correctly NULL-terminate arguments in string_concat callsGravatar Nikias Bassen1-2/+2
2013-07-13common: Fix malformed binary debug message dumpingGravatar Martin Szulecki1-1/+1
2013-07-13common: Fix WIN32 portability for recent userpref security fixGravatar Martin Szulecki1-1/+6
2013-07-13common: Implement stpcpy() replacement for systems lacking itGravatar Martin Szulecki2-0/+26
2013-07-02Bug #331 - Don't create a /tmp/root directory insecurelyGravatar Federico Mena Quintero1-29/+76
When finding the user's home directory to generate a subdirectory in $HOME/.config, we would fall back to /tmp if there were no environment variables for HOME or XDG_CONFIG_HOME. Since libimobiledevice gets used by upower, and since upowerd runs as root, this would cause a /tmp/root directory to be created insecurely, leaving upowerd vulnerable to a symlink attack. Now we fall back to getpwuid_r() to find the user's home directory if it is not provided in environment variables - this is the case when upowerd gets run via systemd, for example. The result is that we'll end up creating /root/.config, a safe directory, since regular users cannot create symlinks in /root. In the future we'll need a way for libimobiledevice to find where to store its pairing data on behalf of the console user, rather than writing it to /root. http://libiphone.lighthouseapp.com/projects/27916-libiphone/tickets/331-insecure-tmp-directory-use
2013-07-02common: Add utils.[ch] with a string_concat() functionGravatar Federico Mena Quintero3-1/+114
Instead of doing malloc() and repeated strcat(), which is an O(n^2) way to concatenate multiple strings, we define a single O(total_len) function that uses stpcpy(). This will also make the rest of the code more legible and safer.
2013-05-23Silence compiler warnings for win32 buildsGravatar Martin Szulecki2-1/+3
2013-04-25common: Move debug and userpref code into libinternalcommonGravatar Martin Szulecki5-1/+1465
2013-03-20move thread and socket code to "common" subdirGravatar Nikias Bassen5-0/+600