If the environment variable HOME is empty, XauFileName triggers an out of boundary read access (name[1]). If HOME consists of a single character relative path, the output becomes unexpected, because "HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted, a relative HOME path leads to trouble in general, the code should properly return "a/.Xauthority" nonetheless.
Signed-off-by: Tobias Stoeckmann <[email protected]> --- AuFileName.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AuFileName.c b/AuFileName.c index 37c8b62..2946c80 100644 --- a/AuFileName.c +++ b/AuFileName.c @@ -85,6 +85,6 @@ XauFileName (void) bsize = size; } snprintf (buf, bsize, "%s%s", name, - slashDotXauthority + (name[1] == '\0' ? 1 : 0)); + slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 : 0)); return buf; } -- 2.14.2 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
