Fix segfault when X starts

This patch potentially fixes bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884934 System log entries when this bug occurs: kernel: xauth[16729]: segfault at 1 ip 00007f51f517f5a5 sp 00007ffdec846568 error 4 in libc-2.31.so[7f51f5102000+144000] kernel: Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 8f 0b 00 00 66 0f ef c0 <f3> 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f This bug happens when function get_address_info() in gethost.c is called with a display name without forward slash, for example 'myhost.mydomain:0'
author: Alex Gendin <ukkeefy@gmail.com> 2020-09-26 23:26:07 -0400
committer: Alan Coopersmith <alan.coopersmith@oracle.com> 2021-08-02 20:30:21 +0000
commit: c2811c953620cf946269db2b74b29e0dc707e26a (patch)
tree: ee166539b49b8a36d4cc89a68d871059b1e6211a
parent: d7e5021416444e3cc545ffa4f8d1e613cabec633 (diff)
3 files changed, 7 insertions, 4 deletions
diff --git a/gethost.c b/gethost.c
index c353a9a..b304bb9 100644
--- a/gethost.c
+++ b/gethost.c
@@ -199,7 +199,7 @@ struct addrlist *get_address_info (
 #ifdef HAVE_STRLCPY
 	    strlcpy(path, fulldpyname, sizeof(path));
 #else
-	    strncpy(path, fulldpyname, sizeof(path));
+	    strncpy(path, fulldpyname, sizeof(path) - 1);
 	    path[sizeof(path) - 1] = '\0';
 #endif
 	    if (0 == stat(path, &sbuf) && S_ISSOCK(sbuf.st_mode) ) {
@@ -218,10 +218,11 @@ struct addrlist *get_address_info (
 	    if (is_path_to_socket) {
 		/* Use the bundle id (part preceding : in the basename) as our src id */
 		char *c;
+		c = strrchr(fulldpyname, '/');
 #ifdef HAVE_STRLCPY
-		strlcpy(buf, strrchr(fulldpyname, '/') + 1, sizeof(buf));
+		strlcpy(buf, (NULL != c) ? c + 1 : fulldpyname, sizeof(buf));
 #else
-		strncpy(buf, strrchr(fulldpyname, '/') + 1, sizeof(buf));
+		strncpy(buf, (NULL != c) ? c + 1 : fulldpyname, sizeof(buf) - 1);
 		buf[sizeof(buf) - 1] = '\0';
 #endif
 
diff --git a/parsedpy.c b/parsedpy.c
index 97988d3..8aea441 100644
--- a/parsedpy.c
+++ b/parsedpy.c
@@ -172,7 +172,7 @@ parse_displayname (const char *displayname,
 #ifdef HAVE_STRLCPY
         strlcpy(path, displayname, sizeof(path));
 #else
-        strncpy(path, displayname, sizeof(path));
+        strncpy(path, displayname, sizeof(path) - 1);
         path[sizeof(path) - 1] = '\0';
 #endif
         if (0 == stat(path, &sbuf)) {
diff --git a/process.c b/process.c
index 50d82b0..cda6fd7 100644
--- a/process.c
+++ b/process.c
@@ -1644,6 +1644,7 @@ do_add(const char *inputfilename, int lineno, int argc, const char **argv)
 	    return 1;
 	}
 	strncpy(key, hexkey+1, len-2);
+	key[len-1] = '\0';
 	len -= 2;
     } else if (!strcmp(protoname, SECURERPC) ||
 	       !strcmp(protoname, K5AUTH)) {
@@ -1961,6 +1962,7 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv)
 		    goto exit_generate;
 		}
 		strncpy(authdata, hexdata+1, authdatalen-2);
+		authdata[authdatalen-1] = '\0';
 		authdatalen -= 2;
 	    } else {
 		authdatalen = cvthexkey (hexdata, &authdata);
author	Alex Gendin <ukkeefy@gmail.com>	2020-09-26 23:26:07 -0400
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2021-08-02 20:30:21 +0000
commit	c2811c953620cf946269db2b74b29e0dc707e26a (patch)
tree	ee166539b49b8a36d4cc89a68d871059b1e6211a
parent	d7e5021416444e3cc545ffa4f8d1e613cabec633 (diff)