os: Fix strtok/free crash in ComputeLocalClient
Don't reuse cmd for strtok output to ensure the proper pointer is
freed afterwards.
The code incorrectly assumed the pointer returned by strtok(cmd, ":")
would always point to cmd. However, strtok(str, sep) != str if str
begins with sep. This caused an invalid-free crash when running
a program under X with a name beginning with a colon.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=104123
Signed-off-by: Tomasz Śniatowski <kailoran@gmail.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
(cherry picked from commit 6883ae43eb
)
This commit is contained in:
parent
072dff8281
commit
dbf97534de
|
@ -1137,12 +1137,12 @@ ComputeLocalClient(ClientPtr client)
|
|||
/* Cut off any colon and whatever comes after it, see
|
||||
* https://lists.freedesktop.org/archives/xorg-devel/2015-December/048164.html
|
||||
*/
|
||||
cmd = strtok(cmd, ":");
|
||||
char *tok = strtok(cmd, ":");
|
||||
|
||||
#if !defined(WIN32) || defined(__CYGWIN__)
|
||||
ret = strcmp(basename(cmd), "ssh") != 0;
|
||||
ret = strcmp(basename(tok), "ssh") != 0;
|
||||
#else
|
||||
ret = strcmp(cmd, "ssh") != 0;
|
||||
ret = strcmp(tok, "ssh") != 0;
|
||||
#endif
|
||||
|
||||
free(cmd);
|
||||
|
|
Loading…
Reference in New Issue
Block a user