From: Omar Polo <op@omarpolo.com>
Date: Sun, 22 Aug 2021 14:23:54 +0000 (+0200)
Subject: Avoid using %n in emacsclient
X-Git-Tag: emacs-28.0.90~1361
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=5b55659baebd314a00e0219e65e356a9acdbc40a;p=emacs.git

Avoid using %n in emacsclient

* lib-src/emacsclient.c (local_sockname): Avoid using %n (bug#50155).
---

diff --git a/lib-src/emacsclient.c b/lib-src/emacsclient.c
index 8346524a3eb..018e81e4222 100644
--- a/lib-src/emacsclient.c
+++ b/lib-src/emacsclient.c
@@ -1401,10 +1401,8 @@ local_sockname (int s, char sockname[socknamesize], int tmpdirlen,
   /* Put the full address name into the buffer, since the caller might
      need it for diagnostics.  But don't overrun the buffer.  */
   uintmax_t uidmax = uid;
-  int emacsdirlen;
   int suffixlen = snprintf (sockname + tmpdirlen, socknamesize - tmpdirlen,
-			    "/emacs%"PRIuMAX"%n/%s", uidmax, &emacsdirlen,
-			    server_name);
+			    "/emacs%"PRIuMAX"/%s", uidmax, server_name);
   if (! (0 <= suffixlen && suffixlen < socknamesize - tmpdirlen))
     return ENAMETOOLONG;
 
@@ -1412,7 +1410,8 @@ local_sockname (int s, char sockname[socknamesize], int tmpdirlen,
      this user's directory and does not let others write to it; this
      fends off some symlink attacks.  To avoid races, keep the parent
      directory open while checking.  */
-  char *emacsdirend = sockname + tmpdirlen + emacsdirlen;
+  char *emacsdirend = sockname + tmpdirlen + suffixlen -
+    strlen(server_name) - 1;
   *emacsdirend = '\0';
   int dir = openat (AT_FDCWD, sockname,
 		    O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);