Bug#889720: xauth crashes when directory name matches host name
Package: xauth
Version: 1:1.0.10-1
Architecture: arm64
Running 'startx' on a machine named 'myhost' (aarch64), with a sub-directory named 'myhost' in my home directory: X starts very slowly, and I see the message:
xauth: timeout in locking authority file /home/john/.Xauthority
Here's what happens: the 'startx' script calls 'xauth list' in a loop (line 199) and the first call crashes after receiving SIGSEGV; this leaves its lock files in place, and the next instance of xauth times out waiting for them to go away.
I think I've traced the reason for 'xauth list' crashing: my .Xauthority file contains a line like this:
myhost:0 MIT-MAGIC-COOKIE-1 <some value>
and while processing this for printing, there's some code in parsedpy.c (line 178) that does this:
    if (0 == stat(path, &sbuf))
        family = FamilyLocal;
and this test succeeds because 'myhost' is the name of a valid file (actually a directory).
Then later on in gethost.c we have:
    switch (family) {
    case FamilyLocal: /* hostname/unix:0 */
        ...
        if (0 == stat(path, &sbuf))
            is_path_to_socket = 1;
        ...
        if (is_path_to_socket)
            strncpy(buf, strrchr(fulldpyname, '/') + 1, sizeof(buf));
But there is no '/' in the name, so we end up passing a null pointer to strncpy(), which crashes the whole program.
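
A defensive version of the two checks quoted above, as an added example that is not xauth's code or the upstream fix. The helper names `names_unix_socket` and `copy_after_last_slash` are hypothetical, and "." stands in for the directory that shares the host's name.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical helper: treat a name as a socket path only if it really is
 * a UNIX socket, not merely some file or directory that happens to exist. */
static int names_unix_socket(const char *path)
{
    struct stat sbuf;
    return stat(path, &sbuf) == 0 && S_ISSOCK(sbuf.st_mode);
}

/* Hypothetical helper: copy the component after the last '/' into buf.
 * Returns 0 on success, -1 if there is no '/' or the result does not fit. */
static int copy_after_last_slash(const char *fulldpyname, char *buf, size_t buflen)
{
    const char *slash = strrchr(fulldpyname, '/');
    if (slash == NULL || buflen == 0)
        return -1;                 /* the reported case: "myhost:0" has no '/' */
    size_t n = strlen(slash + 1);
    if (n >= buflen)
        return -1;                 /* refuse to truncate or leave buf unterminated */
    memcpy(buf, slash + 1, n + 1); /* includes the terminating NUL */
    return 0;
}

/* Constructed inputs; returns the number of checks that misbehaved. */
static int demo(void)
{
    char buf[64];
    int failures = 0;
    failures += names_unix_socket(".") != 0;   /* a directory is not a socket */
    failures += copy_after_last_slash("myhost:0", buf, sizeof buf) != -1;
    failures += copy_after_last_slash("/tmp/.X11-unix/X0", buf, sizeof buf) != 0;
    failures += strcmp(buf, "X0") != 0;
    return failures;
}

int main(void)
{
    int f = demo();
    printf("%s\n", f ? "unexpected result" : "all checks behaved as expected");
    return f;
}
```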