[PATCH libXau] Avoid out of boundary read access

Alan Coopersmith alan.coopersmith at oracle.com
Thu Oct 19 22:02:21 UTC 2017


On 10/19/17 01:18 PM, Tobias Stoeckmann wrote:
> If the environment variable HOME is empty, XauFileName triggers an
> out of boundary read access (name[1]). If HOME consists of a single
> character relative path, the output becomes unexpected, because
> "HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted,
> a relative HOME path leads to trouble in general, the code should
> properly return "a/.Xauthority" nonetheless.
> 
> Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
> ---
>   AuFileName.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/AuFileName.c b/AuFileName.c
> index 37c8b62..2946c80 100644
> --- a/AuFileName.c
> +++ b/AuFileName.c
> @@ -85,6 +85,6 @@ XauFileName (void)
>   	bsize = size;
>       }
>       snprintf (buf, bsize, "%s%s", name,
> -              slashDotXauthority + (name[1] == '\0' ? 1 : 0));
> +              slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 : 0));
>       return buf;
>   }
> 
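Review bot: On the changed `slashDotXauthority + (...)` argument, the fix depends on `&&` short-circuiting so that `name[1]` is never evaluated when `name[0]` is already the terminator; a one-line comment saying so would keep a later edit from reordering or simplifying the test back into the out-of-bounds read. With this condition an empty HOME gives offset 0, so the buffer holds just the `slashDotXauthority` string, which is a path in the root directory; if nothing above this hunk rejects an empty `name`, consider treating it like an unset HOME instead of returning that path. Putting the `name[0] == '/' && name[1] == '\0'` test in its own parentheses before `? 1 : 0` would also make the precedence obvious to readers.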

Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>

-- 
	-Alan Coopersmith-               alan.coopersmith at oracle.com
	 Oracle Solaris Engineering - https://blogs.oracle.com/alanc

