Tested and proposed fixes to version 1.0.5 under i386 Linux.
This happens when CheckHomeDir calculates the space
for a string containing the whole config file path.
Filename: file.c
row: 32
newsize = strlen(Name)+strlen((char *)getenv("HOME")+1);
It should be:
newsize = strlen(Name)+strlen((char *)getenv("HOME"))+1;
The +1 in the first form shifts the start of the string
one character to the right, so strlen returns one
character less. What the author wanted was to add
one extra byte for the \0 (second form).
The original code used this routine to fill newname with
the config file path, causing a buffer overflow of 1 byte.
Later on, in wmf.c, freechar() tries to free the allocated
block, but this fails, causing the segfault.
Cheers!
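Added example, not part of the original report or the project's code: the two size expressions from the report evaluated side by side, plus a bounded way to build the path. The function names, the sample strings, and the assumption that the path is HOME immediately followed by Name are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size as computed by the reported line: the +1 is applied to the pointer,
 * so strlen() starts one character into the string. The caller must pass a
 * non-empty home so that home + 1 still points inside it. */
static size_t size_as_reported(const char *name, const char *home)
{
    return strlen(name) + strlen(home + 1);
}

/* Size as computed by the proposed fix: the +1 reserves the '\0' byte. */
static size_t size_as_fixed(const char *name, const char *home)
{
    return strlen(name) + strlen(home) + 1;
}

/* Hypothetical helper: allocate with the fixed size and fill the buffer with
 * a bounded write, so a wrong size is reported instead of overrunning the
 * heap block. getenv() may return NULL, hence the NULL check on home. */
static char *build_config_path(const char *home, const char *name)
{
    if (home == NULL || name == NULL)
        return NULL;
    size_t size = size_as_fixed(name, home);
    char *path = malloc(size);
    if (path == NULL)
        return NULL;
    int n = snprintf(path, size, "%s%s", home, name);
    if (n < 0 || (size_t)n >= size) {   /* would not fit: refuse */
        free(path);
        return NULL;
    }
    return path;
}

int main(void)
{
    const char *home = "/home/user";    /* constructed sample value */
    const char *name = "/.examplerc";   /* constructed sample value */
    char *path = build_config_path(home, name);
    printf("reported form: %zu bytes\n", size_as_reported(name, home));
    printf("fixed form:    %zu bytes\n", size_as_fixed(name, home));
    printf("path needs:    %zu bytes (%s)\n",
           path ? strlen(path) + 1 : 0, path ? path : "(none)");
    free(path);
    return 0;
}
```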