authutil: fix an out-of-bounds access

There is a theoretical edge case where the $HOME environment variable could be set to the empty string. IceAuthFileName() unconditionally checks index 1 of this string, which is out of bounds. Fix that up by rejecting empty strings in the same way as we reject NULL. https://bugs.freedesktop.org/show_bug.cgi?id=49173 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
author: Allison Lortie <desrt@desrt.ca> 2016-06-14 16:08:21 -0400
committer: Alan Coopersmith <alan.coopersmith@oracle.com> 2019-03-24 14:17:32 -0700
commit: 48ed5e04b5a8ba64dcfeea090cf3a32d3087b749 (patch)
tree: 613dd47f92694ba93ada39b6fae8d81e9fb7e715
parent: 468b83ec4810b4ea2373182b5801f998f3dcd471 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/authutil.c b/src/authutil.c
index e3bad01..e2e5979 100644
--- a/src/authutil.c
+++ b/src/authutil.c
@@ -83,7 +83,7 @@ IceAuthFileName (void)
 
     name = getenv ("HOME");
 
-    if (!name)
+    if (!name || !name[0])
     {
 #ifdef WIN32
     register char *ptr1;
@@ -101,7 +101,7 @@ IceAuthFileName (void)
 	snprintf (dir, sizeof(dir), "%s%s", ptr1, (ptr2) ? ptr2 : "");
 	name = dir;
     }
-    if (!name)
+    if (!name || !name[0])
 #endif
 	return (NULL);
     }
author	Allison Lortie <desrt@desrt.ca>	2016-06-14 16:08:21 -0400
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2019-03-24 14:17:32 -0700
commit	48ed5e04b5a8ba64dcfeea090cf3a32d3087b749 (patch)
tree	613dd47f92694ba93ada39b6fae8d81e9fb7e715
parent	468b83ec4810b4ea2373182b5801f998f3dcd471 (diff)