diff options
author | tron <tron@pkgsrc.org> | 2008-05-22 12:30:44 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2008-05-22 12:30:44 +0000 |
commit | 71b32baca1acea19bbd2d96c52780acdcb059475 (patch) | |
tree | fd25a8571f45fa248ea3d06aa9f64189e3efbf82 /x11/wterm/patches | |
parent | ecadd0218f2fbc346d0e8f836d8c6dd8904b23cc (diff) | |
download | pkgsrc-71b32baca1acea19bbd2d96c52780acdcb059475.tar.gz |
Don't try to use the X11 display ":0" if the display not defined because
":0" might not belong to current user. This fixes CVE-2008-1142.
Diffstat (limited to 'x11/wterm/patches')
-rw-r--r-- | x11/wterm/patches/patch-af | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/x11/wterm/patches/patch-af b/x11/wterm/patches/patch-af new file mode 100644 index 00000000000..223e200fe92 --- /dev/null +++ b/x11/wterm/patches/patch-af @@ -0,0 +1,17 @@ +$NetBSD: patch-af,v 1.1 2008/05/22 12:30:44 tron Exp $ + +--- src/main.c.orig 2001-08-17 05:47:41.000000000 +0100 ++++ src/main.c 2008-05-22 13:20:38.000000000 +0100 +@@ -1444,8 +1444,10 @@ + /* + * Open display, get options/resources and create the window + */ +- if ((display_name = getenv("DISPLAY")) == NULL) +- display_name = ":0"; ++ if ((display_name = getenv("DISPLAY")) == NULL) { ++ print_error("display not defined"); ++ exit(EXIT_FAILURE); ++ } + + get_options(argc, argv); + |