author | Tobias Stoeckmann <tobias@stoeckmann.org> | 2017-10-19 22:18:18 +0200 |
---|---|---|
committer | Adam Jackson <ajax@redhat.com> | 2017-10-20 14:51:03 -0400 |
commit | 987fee49dc1750082cfe6e24833379233777a13b (patch) | |
tree | eaa25ec9436ec31ebbf1a0fe7109c75fd22514dc | |
parent | 42e152c6f2d1bd839e77c5e97f3a509d890c3237 (diff) |
Avoid out of boundary read access
If the environment variable HOME is empty, XauFileName triggers an
out of boundary read access (name[1]). If HOME consists of a single
character relative path, the output becomes unexpected, because
"HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted,
a relative HOME path leads to trouble in general, the code should
properly return "a/.Xauthority" nonetheless.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r-- | AuFileName.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/AuFileName.c b/AuFileName.c index 37c8b62..2946c80 100644 --- a/AuFileName.c +++ b/AuFileName.c @@ -85,6 +85,6 @@ XauFileName (void) bsize = size; } snprintf (buf, bsize, "%s%s", name, - slashDotXauthority + (name[1] == '\0' ? 1 : 0)); + slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 : 0)); return buf; } |
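
Review bot: In the snprintf argument, the new condition `name[0] == '/' && name[1] == '\0'` depends on short-circuit evaluation to keep an empty name from reaching name[1], and nothing in the code says so; a one-line comment above the call would stop a later edit from reordering or splitting the test and reintroducing the out-of-bounds read. With an empty HOME the "%s%s" format now produces "/.Xauthority", a path at the filesystem root, so consider rejecting an empty name before this call rather than formatting it. The check also matches only the exact string "/", so a name that ends in a slash, such as "/home/user/", still yields a doubled slash; testing the last character of name instead would cover both cases.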