os: Fix strtok/free crash in ComputeLocalClient
Don't reuse cmd for strtok output to ensure the proper pointer is freed afterwards. The code incorrectly assumed the pointer returned by strtok(cmd, ":") would always point to cmd. However, strtok(str, sep) != str if str begins with sep. This caused an invalid-free crash when running a program under X with a name beginning with a colon. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=104123 Signed-off-by: Tomasz Śniatowski <kailoran@gmail.com> Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
This commit is contained in:
parent
aa6651f83c
commit
6883ae43eb
|
@ -1137,12 +1137,12 @@ ComputeLocalClient(ClientPtr client)
|
|||
/* Cut off any colon and whatever comes after it, see
|
||||
* https://lists.freedesktop.org/archives/xorg-devel/2015-December/048164.html
|
||||
*/
|
||||
cmd = strtok(cmd, ":");
|
||||
char *tok = strtok(cmd, ":");
|
||||
|
||||
#if !defined(WIN32) || defined(__CYGWIN__)
|
||||
ret = strcmp(basename(cmd), "ssh") != 0;
|
||||
ret = strcmp(basename(tok), "ssh") != 0;
|
||||
#else
|
||||
ret = strcmp(cmd, "ssh") != 0;
|
||||
ret = strcmp(tok, "ssh") != 0;
|
||||
#endif
|
||||
|
||||
free(cmd);
|
||||
|
|
Loading…
Reference in New Issue
Block a user