[PATCH:xdm] Ensure fgets read at least one byte before modifying string

Alan Coopersmith alan.coopersmith at oracle.com
Sun Oct 20 03:06:17 CEST 2013


If a file has a \0 byte (binary file, strange encoding, corruption),
fgets() can return a string starting with a \0 byte - check for that
before checking to see if the byte before the \0 is a \n, so we don't
reach back before the start of our memory buffer.

Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
 xdm/dm.c      |   11 ++++++-----
 xdm/session.c |    2 ++
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/xdm/dm.c b/xdm/dm.c
index 90543c1..603cc63 100644
--- a/xdm/dm.c
+++ b/xdm/dm.c
@@ -295,7 +295,6 @@ static void
 ScanServers (void)
 {
     char	lineBuf[10240];
-    int		len;
     FILE	*serversFile;
     struct stat	statb;
     static DisplayType	acceptableTypes[] =
@@ -320,10 +319,12 @@ ScanServers (void)
 	}
 	while (fgets (lineBuf, sizeof (lineBuf)-1, serversFile))
 	{
-	    len = strlen (lineBuf);
-	    if (lineBuf[len-1] == '\n')
-		lineBuf[len-1] = '\0';
-	    ParseDisplay (lineBuf, acceptableTypes, NumTypes);
+	    size_t len = strlen (lineBuf);
+	    if (len > 0) {
+		if (lineBuf[len-1] == '\n')
+		    lineBuf[len-1] = '\0';
+		ParseDisplay (lineBuf, acceptableTypes, NumTypes);
+	    }
 	}
 	fclose (serversFile);
     }
diff --git a/xdm/session.c b/xdm/session.c
index 84c58d7..eff9c74 100644
--- a/xdm/session.c
+++ b/xdm/session.c
@@ -969,6 +969,8 @@ execute (char **argv, char **environ)
 	    return;
 	}
 	fclose (f);
+	if (program[0] == '\0')
+	    return;
 	e = program + strlen (program) - 1;
 	if (*e == '\n')
 	    *e = '\0';
-- 
1.7.9.2



More information about the xorg-devel mailing list