[PATCH libXau] Avoid out of boundary read access
Adam Jackson
ajax at nwnk.net
Fri Oct 20 18:51:42 UTC 2017
On Thu, 2017-10-19 at 15:02 -0700, Alan Coopersmith wrote:
> On 10/19/17 01:18 PM, Tobias Stoeckmann wrote:
> > If the environment variable HOME is empty, XauFileName triggers an
> > out of boundary read access (name[1]). If HOME consists of a single
> > character relative path, the output becomes unexpected, because
> > "HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted,
> > a relative HOME path leads to trouble in general, the code should
> > properly return "a/.Xauthority" nonetheless.
> >
> > Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
> > ---
> > AuFileName.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/AuFileName.c b/AuFileName.c
> > index 37c8b62..2946c80 100644
> > --- a/AuFileName.c
> > +++ b/AuFileName.c
> > @@ -85,6 +85,6 @@ XauFileName (void)
> > bsize = size;
> > }
> > snprintf (buf, bsize, "%s%s", name,
> > - slashDotXauthority + (name[1] == '\0' ? 1 : 0));
> > + slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 : 0));
> > return buf;
> > }
> >
>
> Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
remote: I: patch #183854 updated using rev 987fee49dc1750082cfe6e24833379233777a13b.
remote: I: 1 patch(es) updated to state Accepted.
To ssh://git.freedesktop.org/git/xorg/lib/libXau
42e152c..987fee4 master -> master
- ajax
More information about the xorg-devel
mailing list