From c385570d85df2c00bcf3e4a2b7baa8d00b7b92c5 Mon Sep 17 00:00:00 2001 From: Allison Lortie Date: Tue, 14 Jun 2016 16:08:21 -0400 Subject: [PATCH 1/2] authutil: fix an out-of-bounds access There is a theoretical edge case where the $HOME environment variable could be set to the empty string. IceAuthFileName() unconditionally checks index 1 of this string, which is out of bounds. Fix that up by rejecting empty strings in the same way as we reject NULL. https://bugs.freedesktop.org/show_bug.cgi?id=49173 --- src/authutil.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/authutil.c b/src/authutil.c index 04c0791..7950e27 100644 --- a/src/authutil.c +++ b/src/authutil.c @@ -84,7 +84,7 @@ IceAuthFileName (void) name = getenv ("HOME"); - if (!name) + if (!name || !name[0]) { #ifdef WIN32 register char *ptr1; @@ -102,7 +102,7 @@ IceAuthFileName (void) snprintf (dir, sizeof(dir), "%s%s", ptr1, (ptr2) ? ptr2 : ""); name = dir; } - if (!name) + if (!name || !name[0]) #endif return (NULL); } -- 2.8.1