[PATCH iceauth] Error out and avoid a call to malloc(0) if given a bad hex string

Jeremy Huddleston jeremyhu at apple.com
Sun May 8 09:03:36 PDT 2011


Yep.  Scroll up in your mail log ;)

http://cgit.freedesktop.org/xorg/app/xauth/commit/?id=5032c286df16737277c9a04e1083171ffec89000

On May 7, 2011, at 11:13 PM, Alan Coopersmith wrote:

> On 04/28/11 12:53 AM, Jeremy Huddleston wrote:
>> 
>> Found-by: clang static analyzer
>> Signed-off-by: Jeremy Huddleston <jeremyhu at apple.com>
>> ---
>> process.c |    4 ++--
>> 1 files changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/process.c b/process.c
>> index f51e643..56b7aaf 100644
>> --- a/process.c
>> +++ b/process.c
>> @@ -401,8 +401,8 @@ static int cvthexkey (	/* turn hex key string into octets */
>> 	len++;
>>     }
>> 
>> -    /* if odd then there was an error */
>> -    if ((len & 1) == 1) return -1;
>> +    /* if 0 or odd, then there was an error */
>> +    if (len == 0 || (len & 1) == 1) return -1;
>> 
>> 
>>     /* now we know that the input is good */
> 
> Looks like xauth needs the same fix.  (iceauth is mostly a
> duplicate copy of xauth.)
> 
> -- 
> 	-Alan Coopersmith-        alan.coopersmith at oracle.com
> 	 Oracle Solaris Platform Engineering: X Window System
> 



More information about the xorg-devel mailing list