
Bug#889720: xauth crashes when directory name matches host name



My testing confirms this bug still applies to xauth-1:1.1-1 in Bullseye,
as the status graphic indicates.

Fixed upstream in xauth-1.1.1.  I hope that version can be
packaged in time for Bookworm -- it includes a number of
subtle but important improvements.

Looking at the upstream repo at
  https://gitlab.freedesktop.org/alanc/xauth
the fix for this particular issue was applied in commit c2811c95
by Alex Gendin on Sep 26, 2020.

Triggering the bug was also made less likely with commit 18a3c3a7
by Dr. Tilmann Bubeck on Aug 20, 2020, but that change seems
incomplete in my testing.  I attach a two-line patch that
gives correct output when a file or directory in $PWD happens
to have the same name as $(hostname).

Example, starting with the buggy Debian Bullseye xauth-1.1:

guest@redacted:~/empty$ ls
guest@redacted:~/empty$ ls -l ~/.Xauthority-*
ls: cannot access '/home/guest/.Xauthority-*': No such file or directory
guest@redacted:~/empty$ xauth list $(hostname -f):0
redacted.localdomain:0  MIT-MAGIC-COOKIE-1  d41d8cd98f00b204e9800998ecf8427e
guest@redacted:~/empty$ touch $(hostname)
guest@redacted:~/empty$ xauth list $(hostname -f):0
Segmentation fault
guest@redacted:~/empty$ ls -li ~/.Xauthority-*
57941079 -rw------- 2 guest guest 0 Mar 31 13:09 /home/guest/.Xauthority-c
57941079 -rw------- 2 guest guest 0 Mar 31 13:09 /home/guest/.Xauthority-l
guest@redacted:~/empty$ 

Then xauth-1.1.1:

guest@redacted:~/empty$ ls
guest@redacted:~/empty$ ls -l ~/.Xauthority-*
ls: cannot access '/home/guest/.Xauthority-*': No such file or directory
guest@redacted:~/empty$ xauth-1.1.1 list $(hostname -f):0
redacted.localdomain:0  MIT-MAGIC-COOKIE-1  d41d8cd98f00b204e9800998ecf8427e
guest@redacted:~/empty$ touch $(hostname)
guest@redacted:~/empty$ xauth-1.1.1 list $(hostname -f):0
xauth-1.1.1: (argv):1:  bad display name "redacted.localdomain:0" in "list" command
guest@redacted:~/empty$ ls -li ~/.Xauthority-*
ls: cannot access '/home/guest/.Xauthority-*': No such file or directory

And finally my patched xauth-1.1.1:

guest@redacted:~/empty$ ls
guest@redacted:~/empty$ ls -l ~/.Xauthority-*
ls: cannot access '/home/guest/.Xauthority-*': No such file or directory
guest@redacted:~/empty$ xauth-fixed list $(hostname -f):0
redacted.localdomain:0  MIT-MAGIC-COOKIE-1  d41d8cd98f00b204e9800998ecf8427e
guest@redacted:~/empty$ touch $(hostname)
guest@redacted:~/empty$ xauth-fixed list $(hostname -f):0
redacted.localdomain:0  MIT-MAGIC-COOKIE-1  d41d8cd98f00b204e9800998ecf8427e
guest@redacted:~/empty$ ls -li ~/.Xauthority-*
ls: cannot access '/home/guest/.Xauthority-*': No such file or directory

  - Larry
--- xauth-1.1.1/parsedpy.c	2021-11-28 15:33:47.000000000 -0800
+++ xauth-1.1.1-lrd/parsedpy.c	2022-03-31 12:20:38.700070442 -0700
@@ -175,14 +175,14 @@
         strncpy(path, displayname, sizeof(path) - 1);
         path[sizeof(path) - 1] = '\0';
 #endif
-        if (0 == stat(path, &sbuf)) {
+        if (0 == stat(path, &sbuf) && S_ISSOCK(sbuf.st_mode)) {
             family = FamilyLocal;
         } else {
             char *dot = strrchr(path, '.');
             if (dot) {
                 *dot = '\0';
                 /* screen = atoi(dot + 1); */
-                if (0 == stat(path, &sbuf)) {
+                if (0 == stat(path, &sbuf) && S_ISSOCK(sbuf.st_mode)) {
                     family = FamilyLocal;
                 }
             }
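
Review bot: the test "0 == stat(path, &sbuf) && S_ISSOCK(sbuf.st_mode)" is now written out twice, at the first if and again after "*dot = '\0'", with no comment at either site saying why non-socket entries are rejected. A small static helper (for example a hypothetical is_local_socket(path)) carrying a one-line comment that a regular file or directory named like the host must fall through to host-name parsing would keep the two sites from drifting apart. Also, path is copied straight from displayname and handed to stat(), so a relative name is still resolved against the current directory: unless code outside this hunk rules it out, a socket in $PWD named after the host would still select FamilyLocal, and that case is worth covering in a test or restricting to absolute paths.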
