From c385570d85df2c00bcf3e4a2b7baa8d00b7b92c5 Mon Sep 17 00:00:00 2001
From: Allison Lortie <desrt@desrt.ca>
Date: Tue, 14 Jun 2016 16:08:21 -0400
Subject: [PATCH 1/2] authutil: fix an out-of-bounds access

There is a theoretical edge case where the $HOME environment variable
could be set to the empty string.  IceAuthFileName() unconditionally
checks index 1 of this string, which is out of bounds.

Fix that up by rejecting empty strings in the same way as we reject
NULL.

https://bugs.freedesktop.org/show_bug.cgi?id=49173
---
 src/authutil.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/authutil.c b/src/authutil.c
index 04c0791..7950e27 100644
--- a/src/authutil.c
+++ b/src/authutil.c
@@ -84,7 +84,7 @@ IceAuthFileName (void)
 
     name = getenv ("HOME");
 
-    if (!name)
+    if (!name || !name[0])
     {
 #ifdef WIN32
     register char *ptr1;
@@ -102,7 +102,7 @@ IceAuthFileName (void)
 	snprintf (dir, sizeof(dir), "%s%s", ptr1, (ptr2) ? ptr2 : "");
 	name = dir;
     }
-    if (!name)
+    if (!name || !name[0])
 #endif
 	return (NULL);
     }
-- 
2.8.1