[PATCH:xdm] Ensure fgets read at least one byte before modifying string

walter harms wharms at bfs.de
Mon Oct 21 09:10:39 CEST 2013


Acked-by: walter harms <wharms at bfs.de>

Am 20.10.2013 03:06, schrieb Alan Coopersmith:
> If a file has a \0 byte (binary file, strange encoding, corruption),
> fgets() can return a string starting with a \0 byte - check for that
> before checking to see if the byte before the \0 is a \n, so we don't
> reach back before the start of our memory buffer.
> 
> Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
> ---
>  xdm/dm.c      |   11 ++++++-----
>  xdm/session.c |    2 ++
>  2 files changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/xdm/dm.c b/xdm/dm.c
> index 90543c1..603cc63 100644
> --- a/xdm/dm.c
> +++ b/xdm/dm.c
> @@ -295,7 +295,6 @@ static void
>  ScanServers (void)
>  {
>      char	lineBuf[10240];
> -    int		len;
>      FILE	*serversFile;
>      struct stat	statb;
>      static DisplayType	acceptableTypes[] =
> @@ -320,10 +319,12 @@ ScanServers (void)
>  	}
>  	while (fgets (lineBuf, sizeof (lineBuf)-1, serversFile))
>  	{
> -	    len = strlen (lineBuf);
> -	    if (lineBuf[len-1] == '\n')
> -		lineBuf[len-1] = '\0';
> -	    ParseDisplay (lineBuf, acceptableTypes, NumTypes);
> +	    size_t len = strlen (lineBuf);
> +	    if (len > 0) {
> +		if (lineBuf[len-1] == '\n')
> +		    lineBuf[len-1] = '\0';
> +		ParseDisplay (lineBuf, acceptableTypes, NumTypes);
> +	    }
>  	}
>  	fclose (serversFile);
>      }
> diff --git a/xdm/session.c b/xdm/session.c
> index 84c58d7..eff9c74 100644
> --- a/xdm/session.c
> +++ b/xdm/session.c
> @@ -969,6 +969,8 @@ execute (char **argv, char **environ)
>  	    return;
>  	}
>  	fclose (f);
> +	if (program[0] == '\0')
> +	    return;
>  	e = program + strlen (program) - 1;
>  	if (*e == '\n')
>  	    *e = '\0';


More information about the xorg-devel mailing list