Hardcoded buffer size in gksu-run-helper
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libgksu (Ubuntu) | Fix Released | Medium | Michael Vogt |
Hardy | Won't Fix | Undecided | Unassigned |
Bug Description
In the main function of the "gksu-run-helper" program, there is a buffer
allocated with a hardcoded size of 255 bytes for reading the three
"gksu-run:" lines passed on stdin by gksu_su_full(). If for example the
middle line (containing the sn_id) is more than 255 characters long,
the tool gets confused and doesn't read the last line (containing the
xauth) correctly, leading to an incorrect xauth cookie being set, and
the su:ed program fails to connect to the X server.

This is not a theoretical scenario; when clicking on the Install button
in update-manager, the line with the sn_id becomes 269 characters
(including the terminating newline) on my system. This is because
the entire synaptic command line (containing several arguments to
set prompt strings and whatnot) is used to generate the id.

Simply increasing the buffer size to 511 bytes fixes my update-manager
problem, but this code should be rewritten not to rely on sn_id being
some fixed maximum length.
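
The failure mode described in the report, reproduced as an added example; this is not code from libgksu or from the reporter. It assumes the helper issues one `fgets()` call per expected line into the 255-byte buffer; the line contents, the function names and the `getline()` alternative are illustrative.

```c
#define _POSIX_C_SOURCE 200809L   /* fmemopen(), getline() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_BUF 255             /* hardcoded size named in the report */
static char input[1024];          /* constructed stand-in for the helper's stdin */

/* Three placeholder lines; the middle one is mid_len bytes including its newline. */
static FILE *make_input(size_t mid_len)
{
    if (mid_len < 1 || mid_len > 1000) return NULL;
    size_t n = (size_t)snprintf(input, sizeof input, "first\n");
    memset(input + n, 'S', mid_len - 1);
    snprintf(input + n + mid_len - 1, sizeof input - n - (mid_len - 1), "\nXAUTH\n");
    return fmemopen(input, strlen(input), "r");
}

/* Assumed pattern: one fgets() per line. Returns 1 if the third read is line 3. */
int fixed_reads_xauth(size_t mid_len)
{
    char buf[FIXED_BUF] = "";
    FILE *in = make_input(mid_len);
    if (!in) return -1;
    for (int i = 0; i < 3; i++)
        if (!fgets(buf, sizeof buf, in)) break;
    fclose(in);
    return strcmp(buf, "XAUTH\n") == 0;   /* long line 2: buf holds its tail instead */
}

/* Length-independent version: getline() grows its buffer to fit each line. */
int getline_reads_xauth(size_t mid_len)
{
    char *line = NULL; size_t cap = 0;
    FILE *in = make_input(mid_len);
    if (!in) return -1;
    for (int i = 0; i < 3; i++)
        if (getline(&line, &cap, in) < 0) break;
    int ok = line && strcmp(line, "XAUTH\n") == 0;
    fclose(in);
    free(line);
    return ok;
}

int main(void)
{
    printf("fgets, 269-byte middle line:   %d\n", fixed_reads_xauth(269));
    printf("getline, 269-byte middle line: %d\n", getline_reads_xauth(269));
}
```
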
A reminder: This bug still exists in version 2.0.5-1ubuntu6. And it still prevents
update-manager from working correctly.