xlock vulnerability

[bind <bind () SUBTERRAIN NET>]

Hello,

A format bug exists in all X11R6 xlock's handling of the display ('-d') option.

(bind@cassius ~) $ xlock -d %x%x%x%x%x
xlock: unable to open display dfbfd958402555e1ea748dfbfd958dfbfd654.

Systems that we tested that were vulnerable included OpenBSD 2.7, FreeBSD
4.1 and Slackware 7.1.

The patch is attached.

        -bind

Attachment: xlock.c.diff
Description: