Bug 98811

Summary: iceauth segfaults on invalid input
Product: xorg Reporter: Tobias Stoeckmann <tobias>
Component: App/otherAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium Keywords: patch
Version: git   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments:
Description Flags
My proposed patch none

Description Tobias Stoeckmann 2016-11-21 20:01:54 UTC 
Created attachment 128106 [details] [review]
My proposed patch

The 'add' command leads to a segmentation fault on invalid input.

Two arguments to 'add' can be quoted, but the quotation check does not
properly parse a single double quote:

$ echo 'add 0 " 0 0 0' | iceauth
Segmentation fault
$ _

This happens because the code does not properly check if the argument
consists of just one quote. Technically, it is true that the first
and the last characters are double quotes. Therefore it also takes a
check to verify that the length of the string is at least 2.
Comment 1 Alan Coopersmith 2018-03-25 06:39:39 UTC 
Thanks for the fix!  Pushed to git master:
To ssh://git.freedesktop.org/git/xorg/app/iceauth
   e994aca..509b0b9  master -> master

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.