author | Allison Lortie <desrt@desrt.ca> | 2016-06-14 16:08:21 -0400 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2019-03-24 14:17:32 -0700 |
commit | 48ed5e04b5a8ba64dcfeea090cf3a32d3087b749 (patch) | |
tree | 613dd47f92694ba93ada39b6fae8d81e9fb7e715 /src/authutil.c | |
parent | 468b83ec4810b4ea2373182b5801f998f3dcd471 (diff) |
authutil: fix an out-of-bounds access
There is a theoretical edge case where the $HOME environment variable
could be set to the empty string. IceAuthFileName() unconditionally
checks index 1 of this string, which is out of bounds.
Fix that up by rejecting empty strings in the same way as we reject
NULL.
https://bugs.freedesktop.org/show_bug.cgi?id=49173
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'src/authutil.c')
-rw-r--r-- | src/authutil.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/authutil.c b/src/authutil.c
index e3bad01..e2e5979 100644
--- a/src/authutil.c
+++ b/src/authutil.c
@@ -83,7 +83,7 @@ IceAuthFileName (void)
 name = getenv ("HOME");
- if (!name)
+ if (!name || !name[0])
 {
 #ifdef WIN32
 register char *ptr1;
@@ -101,7 +101,7 @@ IceAuthFileName (void)
 snprintf (dir, sizeof(dir), "%s%s", ptr1, (ptr2) ? ptr2 : "");
 name = dir;
 }
- if (!name)
+ if (!name || !name[0])
 #endif
 return (NULL);
 } |
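Review bot: The reason an empty HOME must be rejected is recorded only in the commit message, so the added `!name[0]` test in the first hunk will read as arbitrary to the next maintainer. A comment above it, such as `/* Treat an empty HOME like an unset one: later code in this function reads name[1]. */`, would keep that invariant next to the check. The same condition is repeated in the second hunk just before `#endif`; a small `static` helper or macro for "unset or empty" would keep the two tests from drifting apart. IceAuthFileName's body starts and ends outside the hunk.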
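Review bot: On the WIN32 path the `snprintf` line kept as context in the second hunk guards `ptr2` against NULL but hands `ptr1` to `%s` unguarded, and the added `!name[0]` test after it does not cover that. Whether `ptr1` can be NULL at this point depends on the environment lookups above the hunk, which are not visible, so it needs confirming; if it can, the call is undefined behaviour controlled by the process environment. Mirroring the existing guard, `snprintf (dir, sizeof(dir), "%s%s", (ptr1) ? ptr1 : "", (ptr2) ? ptr2 : "");`, would turn that case into an empty `dir`, which the new check then rejects. Separately, the brace-less `if` sits inside `#ifdef WIN32` while its `return (NULL);` sits after `#endif`, so the return is conditional on one platform and unconditional on the other; a comment on the `#endif` saying so would help. The enclosing block starts outside the hunk.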