    Prevent OOB write with long file names. · f5af3b21
    Tobias Stoeckmann authored and Alan Coopersmith committed
    If an -f argument is exactly 1022 characters in size, an off-by-one
    stack overflow happens in auth_finalize. The overflow could be even
    larger if locks are ignored for authentication files.
    
    Make sure that a given authentication file name fits into temporary
    buffer and that this buffer matches buffer sizes of libXau which is
    used by xauth.
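
The length check the commit message describes, as an added C example that is not the xauth patch itself. The 1024-byte buffer and the two-character "-n" suffix are assumptions chosen so that a 1022-character name overflows by exactly one byte, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes, chosen to match the 1022-character case in the commit
 * message; they are not taken from the xauth source. */
#define TEMP_NAME_SIZE 1024   /* assumed size of the temporary buffer */
#define TEMP_SUFFIX    "-n"   /* assumed 2-byte suffix appended to the name */

/* Bytes needed to hold name + suffix + terminating NUL. */
static size_t temp_name_needed(const char *name, const char *suffix)
{
    return strlen(name) + strlen(suffix) + 1;
}

/* Build name+suffix in dst (hypothetical helper). Returns 0 on success,
 * -1 if the result does not fit; dst is never written past dstsize. */
static int build_temp_name(char *dst, size_t dstsize,
                           const char *name, const char *suffix)
{
    int n = snprintf(dst, dstsize, "%s%s", name, suffix);
    if (n < 0 || (size_t)n >= dstsize) {
        if (dstsize > 0)
            dst[0] = '\0';   /* do not leave a truncated path behind */
        return -1;
    }
    return 0;
}

/* Constructed input: a file name made of `len` 'x' characters. */
static int try_length(size_t len)
{
    static char name[2048];
    char temp[TEMP_NAME_SIZE];

    if (len >= sizeof(name))
        return -1;
    memset(name, 'x', len);
    name[len] = '\0';
    return build_temp_name(temp, sizeof(temp), name, TEMP_SUFFIX);
}

int main(void)
{
    printf("\"abc\" needs %zu bytes\n", temp_name_needed("abc", TEMP_SUFFIX));
    printf("1021 chars: %d\n", try_length(1021));  /* fits: 1023 + NUL */
    printf("1022 chars: %d\n", try_length(1022));  /* rejected: needs 1025 */
    return 0;
}
```

An unchecked `strcpy` followed by `strcat` into the same buffer would place the terminating NUL one byte past the end in the 1022-character case, which is the off-by-one the commit message reports.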