andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

os: Fix strtok/free crash in ComputeLocalClient

Browse Source 
Don't reuse cmd for strtok output to ensure the proper pointer is
freed afterwards.

The code incorrectly assumed the pointer returned by strtok(cmd, ":")
would always point to cmd. However, strtok(str, sep) != str if str
begins with sep. This caused an invalid-free crash when running
a program under X with a name beginning with a colon.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=104123
Signed-off-by: Tomasz Śniatowski <kailoran@gmail.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit 6883ae43eb)
This commit is contained in:
Tomasz Śniatowski 2017-12-06 12:16:17 +01:00 committed by Adam Jackson
parent 072dff8281
commit dbf97534de
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
os/access.c
View File

@ -1137,12 +1137,12 @@ ComputeLocalClient(ClientPtr client)
/* Cut off any colon and whatever comes after it, see
* https://lists.freedesktop.org/archives/xorg-devel/2015-December/048164.html
*/
cmd = strtok(cmd, ":");
char *tok = strtok(cmd, ":");
#if !defined(WIN32) || defined(__CYGWIN__)
ret = strcmp(basename(cmd), "ssh") != 0;
ret = strcmp(basename(tok), "ssh") != 0;
#else
ret = strcmp(cmd, "ssh") != 0;
ret = strcmp(tok, "ssh") != 0;
#endif
free(cmd);