On Thu, 2017-10-19 at 15:02 -0700, Alan Coopersmith wrote: > On 10/19/17 01:18 PM, Tobias Stoeckmann wrote: > > If the environment variable HOME is empty, XauFileName triggers an > > out of boundary read access (name[1]). If HOME consists of a single > > character relative path, the output becomes unexpected, because > > "HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted, > > a relative HOME path leads to trouble in general, the code should > > properly return "a/.Xauthority" nonetheless. > > > > Signed-off-by: Tobias Stoeckmann <[email protected]> > > --- > > AuFileName.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/AuFileName.c b/AuFileName.c > > index 37c8b62..2946c80 100644 > > --- a/AuFileName.c > > +++ b/AuFileName.c > > @@ -85,6 +85,6 @@ XauFileName (void) > > bsize = size; > > } > > snprintf (buf, bsize, "%s%s", name, > > - slashDotXauthority + (name[1] == '\0' ? 1 : 0)); > > + slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 > > : 0)); > > return buf; > > } > > > > Reviewed-by: Alan Coopersmith <[email protected]>
remote: I: patch #183854 updated using rev 987fee49dc1750082cfe6e24833379233777a13b. remote: I: 1 patch(es) updated to state Accepted. To ssh://git.freedesktop.org/git/xorg/lib/libXau 42e152c..987fee4 master -> master - ajax _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
