search for: getdflt

...operations on them. X11R6.1 and earlier, however, perform no bounds checking when doing these string operations. Setuid and setgid programs which use functions provided by libX11 may allow users to obtain elevated privileges. One of the many examples of flawed code in X11R6.1, in this case from GetDflt.c reads: if (ptr = getenv("HOME")) (void) strcpy(dest, ptr); While the corrected code for this particular exammple in X11R6.3 reads: if (ptr = getenv("HOME")) { (void) strncpy(dest, ptr, len); dest[len-1] = ''\0''; Note that this code...