From 48ed5e04b5a8ba64dcfeea090cf3a32d3087b749 Mon Sep 17 00:00:00 2001 From: Allison Lortie Date: Tue, 14 Jun 2016 16:08:21 -0400 Subject: authutil: fix an out-of-bounds access There is a theoretical edge case where the $HOME environment variable could be set to the empty string. IceAuthFileName() unconditionally checks index 1 of this string, which is out of bounds. Fix that up by rejecting empty strings in the same way as we reject NULL. https://bugs.freedesktop.org/show_bug.cgi?id=49173 Signed-off-by: Alan Coopersmith --- src/authutil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/authutil.c b/src/authutil.c index e3bad01..e2e5979 100644 --- a/src/authutil.c +++ b/src/authutil.c @@ -83,7 +83,7 @@ IceAuthFileName (void) name = getenv ("HOME"); - if (!name) + if (!name || !name[0]) { #ifdef WIN32 register char *ptr1; @@ -101,7 +101,7 @@ IceAuthFileName (void) snprintf (dir, sizeof(dir), "%s%s", ptr1, (ptr2) ? ptr2 : ""); name = dir; } - if (!name) + if (!name || !name[0]) #endif return (NULL); } -- cgit v1.2.3