[PATCH libXau] Avoid out of boundary read access

Adam Jackson ajax at nwnk.net
Fri Oct 20 18:51:42 UTC 2017


On Thu, 2017-10-19 at 15:02 -0700, Alan Coopersmith wrote:
> On 10/19/17 01:18 PM, Tobias Stoeckmann wrote:
> > If the environment variable HOME is empty, XauFileName triggers an
> > out of boundary read access (name[1]). If HOME consists of a single
> > character relative path, the output becomes unexpected, because
> > "HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted,
> > a relative HOME path leads to trouble in general, the code should
> > properly return "a/.Xauthority" nonetheless.
> > 
> > Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
> > ---
> >   AuFileName.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/AuFileName.c b/AuFileName.c
> > index 37c8b62..2946c80 100644
> > --- a/AuFileName.c
> > +++ b/AuFileName.c
> > @@ -85,6 +85,6 @@ XauFileName (void)
> >   	bsize = size;
> >       }
> >       snprintf (buf, bsize, "%s%s", name,
> > -              slashDotXauthority + (name[1] == '\0' ? 1 : 0));
> > +              slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 : 0));
> >       return buf;
> >   }
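
Review bot: On the changed snprintf argument, an empty name (HOME="") now stops at name[0] == '/' and keeps offset 0, so the function returns "/.Xauthority", the same path as HOME="/". That removes the name[1] over-read but silently maps an empty HOME onto the root directory; consider checking name[0] == '\0' before this point and handling an empty value explicitly rather than letting it fall through to the join. Two smaller points on the same line: a short comment saying the leading slash is skipped only when name is exactly "/" would explain why name[0] is tested, and since && already yields 0 or 1 in C, the ? 1 : 0 is redundant and the expression would read more clearly as slashDotXauthority + (name[0] == '/' && name[1] == '\0').
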
> > 
> 
> Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>

remote: I: patch #183854 updated using rev 987fee49dc1750082cfe6e24833379233777a13b.
remote: I: 1 patch(es) updated to state Accepted.
To ssh://git.freedesktop.org/git/xorg/lib/libXau
   42e152c..987fee4  master -> master

- ajax

