| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Needed for builds on NetBSD to work correctly, since it depends on
AC_USE_SYSTEM_EXTENSIONS defining _OPENBSD_SOURCE to expose the
prototype for reallocarray() in the system headers.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
While .Xauthority files should never be more than 2gb in size,
they may be stored on filesystems with large inodes.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
This makes it more consistent with the rest of the spec,
as well as making it correcter: "[n]list" isn't a valid command,
"list" and "nlist" are
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
|
|
process.c:659:57: warning: suggest braces around empty body in an ‘if’ statement
[-Wempty-body]
#define WRITES(fd, S) {if(write((fd), (S), strlen((S))));}
^
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Regroup AC statements under the Autoconf initialization section.
Regroup AM statements under the Automake initialization section.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Matt Turner <mattst88@gmail.com>
|
|
Extend work done in commit 18a3c3a to earlier in the socket detection process
Fixes issue #6.
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Reported by Oracle Parfait:
Error: Buffer overrun
Buffer overflow [buffer-overflow] (CWE 120):
In pointer dereference of key[(len - 1)] with index (len - 1)
Array size >= 1 bytes, index >= 1
at line 1647 of process.c in function 'do_add'.
Error: Buffer overrun
Buffer overflow [buffer-overflow] (CWE 120):
In pointer dereference of authdata[(authdatalen - 1)] with index (authdatalen - 1)
Array size is ??? bytes, index is ???
at line 1965 of process.c in function 'do_generate'.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Copied from libX11/configure.ac
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Add test_xauth to EXTRA_DIST
Add test output files to CLEANFILES
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
|
|
Replaced by a shell script with the needed functionality.
|
|
there is no need to hard depend on bash given almost all the code is
/bin/sh compliant
Remove the function keyword from setup-source to make it /bin/sh
compliant
pipe wc -l output to xargs to make the command output compatible with
both GNU wc and BSD wc (which prefix the output with a tab)
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Found by using:
codespell --builtin clear,rare,usage,informal,code,names
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
This patch potentially fixes bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884934
System log entries when this bug occurs:
kernel: xauth[16729]: segfault at 1 ip 00007f51f517f5a5 sp 00007ffdec846568 error 4
in libc-2.31.so[7f51f5102000+144000]
kernel: Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0
0f 49 29 d0 48 8d 7c 17 31 e9 8f 0b 00 00 66 0f ef c0 <f3> 0f 6f 0e f3
0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f
This bug happens when function get_address_info() in gethost.c is called
with a display name without forward slash, for example 'myhost.mydomain:0'
|
|
Fixes warnings like
warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'authdata' where non-null expected
Found-by: gcc static analysis
Signed-off-by: Karol Herbst <kherbst@redhat.com>
|
|
This fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=1870201
|
|
Reported by Oracle Parfait:
Error: Memory leak
Memory leak [memory-leak] (CWE 401):
Memory leak of pointer authdata allocated with malloc((authdatalen - 1))
at line 1955 of process.c in function 'do_generate'.
authdata allocated at line 1946 with malloc((authdatalen - 1))
Memory leak of pointer authdata allocated with malloc((authdatalen - 1))
at line 1971 of process.c in function 'do_generate'.
authdata allocated at line 1946 with malloc((authdatalen - 1))
authdata leaks when (i + 1) >= argc at line 1910.
at line 1980 of process.c in function 'do_generate'.
authdata allocated at line 1946 with malloc((authdatalen - 1))
authdata leaks when (i + 1) >= argc at line 1910.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Reported by Oracle Parfait:
Error: Memory leak
Memory leak [memory-leak] (CWE 401):
Memory leak of pointer argv allocated with malloc(32)
at line 283 of process.c in function 'split_into_words'.
argv allocated at line 264 with malloc(32)
argv leaks when cur == total at line 280.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
If an -f argument is exactly 1022 characters in size, an off-by-one
stack overflow happens in auth_finalize. The overflow could be even
larger if locks are ignored for authentication files.
Make sure that a given authentication file name fits into temporary
buffer and that this buffer matches buffer sizes of libXau which is
used by xauth.
|
|
The hex key supplied with an add command can be quoted, in which
case the quotation marks are removed.
The check itself makes sure that a given string starts with a
double quotation mark and ends with a double quotation mark.
Buf if only " is supplied, the code crashes because it subtracts
2 from the length (which is 1) and therefore copies too much
memory into a 0 allocated memory area.
Proof of concept:
$ xauth add :0 0 \"
|
|
|
|
unlink()ing the old auth file before link()ing the temp to the new is
just silly. rename() is atomic and will happily clobber the destination,
and the only thing link() can give you here is the ability to fail on
filesystems that don't support hardlinks.
Fixes: xorg/app/xauth#2
|
|
There is no point in adding entry or merging lists if a FamilyWild entry would
end in front of any entry, or entry without display number would end in front
of entry with number.
This sorts all entries in order:
* FamilyWild without display number
* FamilyWild with display number
* Other family without display number
* Other family with display number
The order of the entries in each category is kept.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Merging two lists, or adding entry a into list acts unexpectedly if the list
contains FamilyWild or entry with an empty display numbers. For example:
> xauth list
#ffff#6f70656e737573652d74756d626c6577656564#: MIT-MAGIC-COOKIE-1 1500d80327733252cc42ba469138a259
> xauth add test/unix:2 MIT-MAGIC-COOKIE-1 aabbccddeeff00112233445566778899
> xauth list
test/unix:2 MIT-MAGIC-COOKIE-1 aabbccddeeff00112233445566778899
This is because merge_entries compares entries using `match_auth`, which
follows the same rules as XauGetBestAuthByAddr. Following these rules is good
when filtering the output of `xauth list`, but for merging we should compare
for equality. It used to be done that way before commit 1555fff4. That commit
changed it to improve the `xauth list` behavior, but did not seem consider the
impact on merge.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Needs to match one of the regexps shown under
https://gcc.gnu.org/onlinedocs/gcc-7.3.0/gcc/Warning-Options.html#index-Wimplicit-fallthrough
Silences warning from gcc 7.3:
process.c: In function ‘dump_entry’:
process.c:1007:9: warning: this statement may fall through [-Wimplicit-fallthrough=]
if (dpyname) {
^
process.c:1012:4: note: here
default:
^~~~~~~
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Matt Turner <mattst88@gmail.com>
|
|
Otherwise make check fails if make hasn't previously been run.
Signed-off-by: Matt Turner <mattst88@gmail.com>
|
|
Signed-off-by: Mihail Konev <k.mvc@ya.ru>
|
|
Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
fall-outs, when they contain space.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Syncs the invocation of configure with the one from the server.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
|
|
See http://people.gnome.org/~walters/docs/build-api.txt
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
See xserver commit 4bf3eac5fe20f
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
This option is mentioned in the man page, but not in the help text
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
|
|
Fix error in the !HAVE_STRLCPY case, introduced in commit
f990dd936b5fd1a40290bb88cde517a0ac38f823
It seems that "path[sizeof(path) - 1]" rather than "buf[sizeof(path) - 1]" must
be meant here, especially as the second instance doesn't even compile...
parsedpy.c: In function ‘parse_displayname’:
parsedpy.c:176:9: error: ‘buf’ undeclared (first use in this function)
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
