fixed a potential buffer overflow bug on the stack (thanks to Ghassan Misherg)
[slock.git] / slock.c
1 /* (C)opyright MMVI-MMVII Anselm R. Garbe <garbeam at gmail dot com>
2  * See LICENSE file for license details.
3  */
4 #define _XOPEN_SOURCE 500
5 #if HAVE_SHADOW_H
6 #include <shadow.h>
7 #endif
8
9 #include <ctype.h>
10 #include <pwd.h>
11 #include <stdlib.h>
12 #include <stdio.h>
13 #include <string.h>
14 #include <unistd.h>
15 #include <sys/types.h>
16 #include <X11/keysym.h>
17 #include <X11/Xlib.h>
18 #include <X11/Xutil.h>
19
20 const char *
21 get_password() { /* only run as root */
22         const char *rval;
23         struct passwd *pw;
24
25         if(geteuid() != 0) {
26                 fputs("slock: cannot retrieve password entry (make sure to suid slock)\n", stderr);
27                 exit(EXIT_FAILURE);
28         }
29         pw = getpwuid(getuid());
30         endpwent();
31         rval =  pw->pw_passwd;
32
33 #if HAVE_SHADOW_H
34         {
35                 struct spwd *sp;
36                 sp = getspnam(getenv("USER"));
37                 endspent();
38                 rval = sp->sp_pwdp;
39         }
40 #endif
41         /* drop privileges */
42         if(setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
43                 fputs("slock: cannot drop privileges\n",stdout);
44                 exit(EXIT_FAILURE);
45         }
46         return rval;
47 }
48
49 int
50 main(int argc, char **argv) {
51         char curs[] = {0, 0, 0, 0, 0, 0, 0, 0};
52         char buf[32], passwd[256];
53         int num, screen;
54         const char *pws;
55         unsigned int len;
56         Bool running = True;
57         Cursor invisible;
58         Display *dpy;
59         KeySym ksym;
60         Pixmap pmap;
61         Window w;
62         XColor black, dummy;
63         XEvent ev;
64         XSetWindowAttributes wa;
65
66         if((argc > 1) && !strncmp(argv[1], "-v", 3)) {
67                 fputs("slock-"VERSION", (C)opyright MMVI Anselm R. Garbe\n", stdout);
68                 exit(EXIT_SUCCESS);
69         }
70         pws = get_password();
71         if(!(dpy = XOpenDisplay(0))) {
72                 fputs("slock: cannot open display\n", stderr);
73                 exit(EXIT_FAILURE);
74         }
75         screen = DefaultScreen(dpy);
76
77         /* init */
78         wa.override_redirect = 1;
79         wa.background_pixel = BlackPixel(dpy, screen);
80         w = XCreateWindow(dpy, RootWindow(dpy, screen), 0, 0,
81                         DisplayWidth(dpy, screen), DisplayHeight(dpy, screen),
82                         0, DefaultDepth(dpy, screen), CopyFromParent,
83                         DefaultVisual(dpy, screen), CWOverrideRedirect | CWBackPixel, &wa);
84
85         XAllocNamedColor(dpy, DefaultColormap(dpy, screen), "black", &black, &dummy);
86         pmap = XCreateBitmapFromData(dpy, w, curs, 8, 8);
87         invisible = XCreatePixmapCursor(dpy, pmap, pmap, &black, &black, 0, 0);
88         XDefineCursor(dpy, w, invisible);
89         running = XGrabPointer(dpy, RootWindow(dpy, screen), False,
90                         ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
91                         GrabModeAsync, GrabModeSync, None, invisible, CurrentTime) == GrabSuccess;
92         len = 10;
93         for(len = 10; len && (XGrabKeyboard(dpy, RootWindow(dpy, screen), True, GrabModeAsync,
94                 GrabModeAsync, CurrentTime) != GrabSuccess); len--)
95                 usleep(1000);
96         running = running && (len > 0);
97         len = 0;
98         XMapRaised(dpy, w);
99         XSync(dpy, False);
100
101         /* main event loop */
102         while(running && !XNextEvent(dpy, &ev))
103                 if(ev.type == KeyPress) {
104                         buf[0] = 0;
105                         num = XLookupString(&ev.xkey, buf, sizeof buf, &ksym, 0);
106                         if(IsFunctionKey(ksym) || IsKeypadKey(ksym)
107                                         || IsMiscFunctionKey(ksym) || IsPFKey(ksym)
108                                         || IsPrivateKeypadKey(ksym))
109                                 continue;
110                         switch(ksym) {
111                         case XK_Return:
112                                 passwd[len] = 0;
113                                 if((running = strcmp(crypt(passwd, pws), pws)) != 0)
114                                         XBell(dpy, 100);
115                                 len = 0;
116                                 break;
117                         case XK_Escape:
118                                 len = 0;
119                                 break;
120                         case XK_BackSpace:
121                                 if(len)
122                                         --len;
123                                 break;
124                         default:
125                                 if(num && !iscntrl((int) buf[0]) && (len + num < sizeof passwd)) { 
126                                         memcpy(passwd + len, buf, num);
127                                         len += num;
128                                 }
129                                 break;
130                         }
131                 }
132         XUngrabPointer(dpy, CurrentTime);
133         XFreePixmap(dpy, pmap);
134         XDestroyWindow(dpy, w);
135         XCloseDisplay(dpy);
136         return 0;
137 }