authorTobias Stoeckmann <tobias@stoeckmann.org>2020-05-03 12:25:21 +0200
committerTobias Stoeckmann <tobias@stoeckmann.org>2020-05-03 12:25:21 +0200
commitcb98d3b3c5e0f8a7585ab6e2c909fad68c52fd55 (patch)
tree93691e8ff081d36f87e8f985e4d77c625ee0f6c7
parente97992671b3870878709a1c01991488965b61b94 (diff)
downloadxorg-app-xauth-cb98d3b3c5e0f8a7585ab6e2c909fad68c52fd55.tar.gz
Fix segmentation fault on invalid add argument.
The hex key supplied with an add command can be quoted, in which case the quotation marks are removed. The check itself makes sure that a given string starts with a double quotation mark and ends with a double quotation mark. But if only " is supplied, the code crashes because it subtracts 2 from the length (which is 1) and therefore copies too much memory into a 0 allocated memory area. Proof of concept: $ xauth add :0 0 \"
-rw-r--r--process.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/process.c b/process.c
index 148f14b..43f10e0 100644
--- a/process.c
+++ b/process.c
@@ -1614,7 +1614,7 @@ do_add(const char *inputfilename, int lineno, int argc, const char **argv)
hexkey = argv[3];
len = strlen(hexkey);
- if (hexkey[0] == '"' && hexkey[len-1] == '"') {
+ if (len > 1 && hexkey[0] == '"' && hexkey[len-1] == '"') {
key = malloc(len-1);
strncpy(key, hexkey+1, len-2);
len -= 2;
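Review bot: The result of `key = malloc(len-1);` goes straight into `strncpy` on the next line with no NULL check, so an allocation failure in this quoted-key branch still dereferences a null pointer. A guard such as `if (key == NULL) return 1;` directly after the allocation would close that path; the return value here is a guess, and it should match whatever error convention do_add uses in the part of the function outside this hunk. Separately, `strncpy(key, hexkey+1, len-2)` fills only len-2 of the len-1 allocated bytes and writes no terminator, so the last byte stays uninitialized. If any later code treats `key` as a C string rather than a (pointer, len) pair, which the hunk does not show, add `key[len-2] = '\0';` before `len -= 2;`. Otherwise a short comment stating that `key` is raw bytes of length `len` would make the intent clear.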