authorTobias Stoeckmann <tobias@stoeckmann.org>2017-10-19 22:18:18 +0200
committerAdam Jackson <ajax@redhat.com>2017-10-20 14:51:03 -0400
commit987fee49dc1750082cfe6e24833379233777a13b (patch)
treeeaa25ec9436ec31ebbf1a0fe7109c75fd22514dc
parent42e152c6f2d1bd839e77c5e97f3a509d890c3237 (diff)
downloadxorg-lib-libXau-987fee49dc1750082cfe6e24833379233777a13b.tar.gz
Avoid out of boundary read access
If the environment variable HOME is empty, XauFileName triggers an out of boundary read access (name[1]). If HOME consists of a single character relative path, the output becomes unexpected, because "HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted, a relative HOME path leads to trouble in general, the code should properly return "a/.Xauthority" nonetheless. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r--AuFileName.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/AuFileName.c b/AuFileName.c
index 37c8b62..2946c80 100644
--- a/AuFileName.c
+++ b/AuFileName.c
@@ -85,6 +85,6 @@ XauFileName (void)
bsize = size;
}
snprintf (buf, bsize, "%s%s", name,
- slashDotXauthority + (name[1] == '\0' ? 1 : 0));
+ slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 : 0));
return buf;
}
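Review bot: The offset expression in the snprintf call has no comment saying why the leading slash of slashDotXauthority is skipped only when HOME is exactly "/", which is the invariant this fix relies on; I would add `/* name is exactly "/": skip our own leading slash so the result is "/.Xauthority", not "//.Xauthority" */` above it. With the new condition an empty HOME is read in bounds but yields "/.Xauthority", a file in the root directory rather than in any user's home, and a relative HOME still yields a path resolved against the current working directory. Whether name is checked for emptiness earlier cannot be seen here, because XauFileName begins outside the hunk. If it is not, treating an empty value the same as an unset one at the point where name is obtained would be the more conservative behaviour for a function that locates an authorization file.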