summaryrefslogtreecommitdiff
path: root/dix
diff options
context:
space:
mode:
authorPeter Åstrand <astrand@cendio.se>2009-02-13 10:23:28 +0100
committerPeter Hutterer <peter.hutterer@who-t.net>2009-02-16 13:28:38 +1000
commitddb8d8945d1f44d16adc366b6612eef20ae813f7 (patch)
treed40a0cf5909a20f399827005336f49a2e84ed7ba /dix
parentb735a4b4951b607e614682836f24d5fd86c1f7fb (diff)
xserver: Avoid sending uninitialized padding data over the network
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'dix')
-rw-r--r--dix/devices.c2
-rw-r--r--dix/dispatch.c18
-rw-r--r--dix/dixfonts.c2
-rw-r--r--dix/events.c10
-rw-r--r--dix/extension.c4
-rw-r--r--dix/main.c12
-rw-r--r--dix/property.c2
-rw-r--r--dix/selection.c2
-rw-r--r--dix/window.c17
9 files changed, 58 insertions, 11 deletions
diff --git a/dix/devices.c b/dix/devices.c
index 934e6952f..51d709145 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -1466,6 +1466,7 @@ ProcGetModifierMapping(ClientPtr client)
if (ret != Success)
return ret;
+ memset(&rep, 0, sizeof(xGetModifierMappingReply));
rep.type = X_Reply;
rep.numKeyPerModifier = max_keys_per_mod;
rep.sequenceNumber = client->sequence;
@@ -1621,6 +1622,7 @@ ProcGetKeyboardMapping(ClientPtr client)
if (!syms)
return BadAlloc;
+ memset(&rep, 0, sizeof(xGetKeyboardMappingReply));
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.keySymsPerKeyCode = syms->mapWidth;
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 817aa17e7..a92804841 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -548,6 +548,7 @@ ProcGetWindowAttributes(ClientPtr client)
rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
if (rc != Success)
return rc;
+ memset(&wa, 0, sizeof(xGetWindowAttributesReply));
GetWindowAttributes(pWin, client, &wa);
WriteReplyToClient(client, sizeof(xGetWindowAttributesReply), &wa);
return(client->noClientException);
@@ -809,6 +810,7 @@ ProcGetGeometry(ClientPtr client)
xGetGeometryReply rep;
int status;
+ memset(&rep, 0, sizeof(xGetGeometryReply));
if ((status = GetGeometry(client, &rep)) != Success)
return status;
@@ -830,6 +832,7 @@ ProcQueryTree(ClientPtr client)
rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
if (rc != Success)
return rc;
+ memset(&reply, 0, sizeof(xQueryTreeReply));
reply.type = X_Reply;
reply.root = WindowTable[pWin->drawable.pScreen->myNum]->drawable.id;
reply.sequenceNumber = client->sequence;
@@ -883,6 +886,7 @@ ProcInternAtom(ClientPtr client)
if (atom != BAD_RESOURCE)
{
xInternAtomReply reply;
+ memset(&reply, 0, sizeof(xInternAtomReply));
reply.type = X_Reply;
reply.length = 0;
reply.sequenceNumber = client->sequence;
@@ -906,6 +910,7 @@ ProcGetAtomName(ClientPtr client)
if ( (str = NameForAtom(stuff->id)) )
{
len = strlen(str);
+ memset(&reply, 0, sizeof(xGetAtomNameReply));
reply.type = X_Reply;
reply.length = (len + 3) >> 2;
reply.sequenceNumber = client->sequence;
@@ -1002,6 +1007,7 @@ ProcTranslateCoords(ClientPtr client)
rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixGetAttrAccess);
if (rc != Success)
return rc;
+ memset(&rep, 0, sizeof(xTranslateCoordsReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
@@ -1138,7 +1144,7 @@ ProcQueryFont(ClientPtr client)
rlength = sizeof(xQueryFontReply) +
FONTINFONPROPS(FONTCHARSET(pFont)) * sizeof(xFontProp) +
nprotoxcistructs * sizeof(xCharInfo);
- reply = xalloc(rlength);
+ reply = xcalloc(1, rlength);
if(!reply)
{
return(BadAlloc);
@@ -1915,6 +1921,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
if (rc != Success)
return rc;
+ memset(&xgi, 0, sizeof(xGetImageReply));
if(pDraw->type == DRAWABLE_WINDOW)
{
if( /* check for being viewable */
@@ -1966,7 +1973,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
xgi.length = length;
if (im_return) {
- pBuf = xalloc(sz_xGetImageReply + length);
+ pBuf = xcalloc(1, sz_xGetImageReply + length);
if (!pBuf)
return (BadAlloc);
if (widthBytesLine == 0)
@@ -2004,7 +2011,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
length += widthBytesLine;
}
}
- if(!(pBuf = xalloc(length)))
+ if(!(pBuf = xcalloc(1, length)))
return (BadAlloc);
WriteReplyToClient(client, sizeof (xGetImageReply), &xgi);
}
@@ -2742,7 +2749,7 @@ ProcQueryColors(ClientPtr client)
xQueryColorsReply qcr;
count = ((client->req_len << 2) - sizeof(xQueryColorsReq)) >> 2;
- prgbs = xalloc(count * sizeof(xrgb));
+ prgbs = xcalloc(1, count * sizeof(xrgb));
if(!prgbs && count)
return(BadAlloc);
if( (rc = QueryColors(pcmp, count, (Pixel *)&stuff[1], prgbs)) )
@@ -2756,6 +2763,7 @@ ProcQueryColors(ClientPtr client)
return rc;
}
}
+ memset(&qcr, 0, sizeof(xQueryColorsReply));
qcr.type = X_Reply;
qcr.length = (count * sizeof(xrgb)) >> 2;
qcr.sequenceNumber = client->sequence;
@@ -2983,6 +2991,7 @@ ProcQueryBestSize (ClientPtr client)
return rc;
(* pScreen->QueryBestSize)(stuff->class, &stuff->width,
&stuff->height, pScreen);
+ memset(&reply, 0, sizeof(xQueryBestSizeReply));
reply.type = X_Reply;
reply.length = 0;
reply.sequenceNumber = client->sequence;
@@ -3696,6 +3705,7 @@ SendErrorToClient(ClientPtr client, unsigned majorCode, unsigned minorCode,
{
xError rep;
+ memset(&rep, 0, sizeof(xError));
rep.type = X_Error;
rep.sequenceNumber = client->sequence;
rep.errorCode = errorCode;
diff --git a/dix/dixfonts.c b/dix/dixfonts.c
index 7d807811c..c7fa83995 100644
--- a/dix/dixfonts.c
+++ b/dix/dixfonts.c
@@ -789,6 +789,7 @@ finish:
for (i = 0; i < nnames; i++)
stringLens += (names->length[i] <= 255) ? names->length[i] : 0;
+ memset(&reply, 0, sizeof(xListFontsReply));
reply.type = X_Reply;
reply.length = (stringLens + nnames + 3) >> 2;
reply.nFonts = nnames;
@@ -1044,6 +1045,7 @@ doListFontsWithInfo(ClientPtr client, LFWIclosurePtr c)
err = AllocError;
break;
}
+ memset(reply + c->length, 0, length - c->length);
c->reply = reply;
c->length = length;
}
diff --git a/dix/events.c b/dix/events.c
index 4b367f736..10fa40d19 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -2300,6 +2300,7 @@ DeliverDeviceEvents(WindowPtr pWin, xEvent *xE, GrabPtr grab,
{
/* no XI event delivered. Try core event */
+ memset(&core, 0, sizeof(xEvent));
core = *xE;
core.u.u.type = XItoCoreType(xE->u.u.type);
@@ -3393,6 +3394,7 @@ DeliverFocusedEvent(DeviceIntPtr keybd, xEvent *xE, WindowPtr window, int count)
if (sendCore)
{
+ memset(&core, 0, sizeof(xEvent));
core = *xE;
core.u.u.type = XItoCoreType(xE->u.u.type);
}
@@ -3491,6 +3493,7 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev,
/* try core event */
if (sendCore && grab->coreGrab)
{
+ memset(&core, 0, sizeof(xEvent));
core = *xE;
core.u.u.type = XItoCoreType(xE->u.u.type);
if(core.u.u.type) {
@@ -3869,6 +3872,7 @@ CoreEnterLeaveEvent(
mask = pWin->eventMask | wOtherEventMasks(pWin);
}
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = type;
event.u.u.detail = detail;
event.u.enterLeave.time = currentTime.milliseconds;
@@ -3949,6 +3953,7 @@ DeviceEnterLeaveEvent(
/* we don't have enough bytes, so we squash flags and mode into
one byte, and use the last byte for the deviceid. */
+ memset(&event, 0, sizeof(xEvent));
devEnterLeave = (deviceEnterNotify*)&event;
devEnterLeave->type = type;
devEnterLeave->detail = detail;
@@ -3990,6 +3995,7 @@ CoreFocusEvent(DeviceIntPtr dev, int type, int mode, int detail, WindowPtr pWin)
{
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
event.u.focus.mode = mode;
event.u.u.type = type;
event.u.u.detail = detail;
@@ -4153,6 +4159,7 @@ ProcGetInputFocus(ClientPtr client)
if (rc != Success)
return rc;
+ memset(&rep, 0, sizeof(xGetInputFocusReply));
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
@@ -4243,6 +4250,7 @@ ProcGrabPointer(ClientPtr client)
/* at this point, some sort of reply is guaranteed. */
time = ClientTimeToServerTime(stuff->time);
+ memset(&rep, 0, sizeof(xGrabPointerReply));
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.length = 0;
@@ -4490,6 +4498,7 @@ ProcGrabKeyboard(ClientPtr client)
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
+ memset(&rep, 0, sizeof(xGrabKeyboardReply));
result = GrabDevice(client, keyboard, stuff->keyboardMode,
stuff->pointerMode, stuff->grabWindow,
stuff->ownerEvents, stuff->time,
@@ -4557,6 +4566,7 @@ ProcQueryPointer(ClientPtr client)
pSprite = mouse->spriteInfo->sprite;
if (mouse->valuator->motionHintWindow)
MaybeStopHint(mouse, client);
+ memset(&rep, 0, sizeof(xQueryPointerReply));
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.mask = mouse->button->state;
diff --git a/dix/extension.c b/dix/extension.c
index 330fd28b7..c768ccb84 100644
--- a/dix/extension.c
+++ b/dix/extension.c
@@ -267,7 +267,8 @@ ProcQueryExtension(ClientPtr client)
REQUEST(xQueryExtensionReq);
REQUEST_FIXED_SIZE(xQueryExtensionReq, stuff->nbytes);
-
+
+ memset(&reply, 0, sizeof(xQueryExtensionReply));
reply.type = X_Reply;
reply.length = 0;
reply.major_opcode = 0;
@@ -301,6 +302,7 @@ ProcListExtensions(ClientPtr client)
REQUEST_SIZE_MATCH(xReq);
+ memset(&reply, 0, sizeof(xListExtensionsReply));
reply.type = X_Reply;
reply.nExtensions = 0;
reply.length = 0;
diff --git a/dix/main.c b/dix/main.c
index 1c66c8622..6a45332c3 100644
--- a/dix/main.c
+++ b/dix/main.c
@@ -489,8 +489,9 @@ CreateConnectionBlock(void)
sizesofar = 0;
char *pBuf;
-
- /* Leave off the ridBase and ridMask, these must be sent with
+
+ memset(&setup, 0, sizeof(xConnSetup));
+ /* Leave off the ridBase and ridMask, these must be sent with
connection */
setup.release = VendorRelease;
@@ -529,7 +530,8 @@ CreateConnectionBlock(void)
sizesofar += i;
while (--i >= 0)
*pBuf++ = 0;
-
+
+ memset(&format, 0, sizeof(xPixmapFormat));
for (i=0; i<screenInfo.numPixmapFormats; i++)
{
format.depth = screenInfo.formats[i].depth;
@@ -541,7 +543,9 @@ CreateConnectionBlock(void)
}
connBlockScreenStart = sizesofar;
- for (i=0; i<screenInfo.numScreens; i++)
+ memset(&depth, 0, sizeof(xDepth));
+ memset(&visual, 0, sizeof(xVisualType));
+ for (i=0; i<screenInfo.numScreens; i++)
{
ScreenPtr pScreen;
DepthPtr pDepth;
diff --git a/dix/property.c b/dix/property.c
index 5bf4232ed..0929dca17 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -111,6 +111,7 @@ deliverPropertyNotifyEvent(WindowPtr pWin, int state, Atom atom)
{
xEvent event;
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = PropertyNotify;
event.u.property.window = pWin->drawable.id;
event.u.property.state = state;
@@ -479,6 +480,7 @@ ProcGetProperty(ClientPtr client)
return(BadAtom);
}
+ memset(&reply, 0, sizeof(xGetPropertyReply));
reply.type = X_Reply;
reply.sequenceNumber = client->sequence;
diff --git a/dix/selection.c b/dix/selection.c
index 1fd0d21bc..d72f381ca 100644
--- a/dix/selection.c
+++ b/dix/selection.c
@@ -243,6 +243,7 @@ ProcGetSelectionOwner(ClientPtr client)
return BadAtom;
}
+ memset(&reply, 0, sizeof(xGetSelectionOwnerReply));
reply.type = X_Reply;
reply.length = 0;
reply.sequenceNumber = client->sequence;
@@ -284,6 +285,7 @@ ProcConvertSelection(ClientPtr client)
rc = dixLookupSelection(&pSel, stuff->selection, client, DixReadAccess);
+ memset(&event, 0, sizeof(xEvent));
if (rc != Success && rc != BadMatch)
return rc;
else if (rc == Success && pSel->window != None) {
diff --git a/dix/window.c b/dix/window.c
index d4c587e3c..2a5da53ea 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -774,6 +774,7 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
if (SubSend(pParent))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = CreateNotify;
event.u.createNotify.window = wid;
event.u.createNotify.parent = pParent->drawable.id;
@@ -889,9 +890,10 @@ CrushTree(WindowPtr pWin)
pParent = pChild->parent;
if (SubStrSend(pChild, pParent))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = DestroyNotify;
event.u.destroyNotify.window = pChild->drawable.id;
- DeliverEvents(pChild, &event, 1, NullWindow);
+ DeliverEvents(pChild, &event, 1, NullWindow);
}
FreeResource(pChild->drawable.id, RT_WINDOW);
pSib = pChild->nextSib;
@@ -935,9 +937,10 @@ DeleteWindow(pointer value, XID wid)
pParent = pWin->parent;
if (wid && pParent && SubStrSend(pWin, pParent))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = DestroyNotify;
event.u.destroyNotify.window = pWin->drawable.id;
- DeliverEvents(pWin, &event, 1, NullWindow);
+ DeliverEvents(pWin, &event, 1, NullWindow);
}
FreeWindowResources(pWin);
@@ -2244,6 +2247,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
(RedirectSend(pParent)
))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = ConfigureRequest;
event.u.configureRequest.window = pWin->drawable.id;
if (mask & CWSibling)
@@ -2278,6 +2282,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
if (size_change && ((pWin->eventMask|wOtherEventMasks(pWin)) & ResizeRedirectMask))
{
xEvent eventT;
+ memset(&eventT, 0, sizeof(xEvent));
eventT.u.u.type = ResizeRequest;
eventT.u.resizeRequest.window = pWin->drawable.id;
eventT.u.resizeRequest.width = w;
@@ -2324,6 +2329,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
ActuallyDoSomething:
if (SubStrSend(pWin, pParent))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = ConfigureNotify;
event.u.configureNotify.window = pWin->drawable.id;
if (pSib)
@@ -2480,6 +2486,7 @@ ReparentWindow(WindowPtr pWin, WindowPtr pParent,
if (WasMapped)
UnmapWindow(pWin, FALSE);
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = ReparentNotify;
event.u.reparent.window = pWin->drawable.id;
event.u.reparent.parent = pParent->drawable.id;
@@ -2640,6 +2647,7 @@ MapWindow(WindowPtr pWin, ClientPtr client)
(RedirectSend(pParent)
))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = MapRequest;
event.u.mapRequest.window = pWin->drawable.id;
event.u.mapRequest.parent = pParent->drawable.id;
@@ -2652,6 +2660,7 @@ MapWindow(WindowPtr pWin, ClientPtr client)
pWin->mapped = TRUE;
if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = MapNotify;
event.u.mapNotify.window = pWin->drawable.id;
event.u.mapNotify.override = pWin->overrideRedirect;
@@ -2726,6 +2735,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client)
{
if (parentRedirect && !pWin->overrideRedirect)
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = MapRequest;
event.u.mapRequest.window = pWin->drawable.id;
event.u.mapRequest.parent = pParent->drawable.id;
@@ -2738,6 +2748,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client)
pWin->mapped = TRUE;
if (parentNotify || StrSend(pWin))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = MapNotify;
event.u.mapNotify.window = pWin->drawable.id;
event.u.mapNotify.override = pWin->overrideRedirect;
@@ -2850,6 +2861,7 @@ UnmapWindow(WindowPtr pWin, Bool fromConfigure)
return(Success);
if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin))
{
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = UnmapNotify;
event.u.unmapNotify.window = pWin->drawable.id;
event.u.unmapNotify.fromConfigure = fromConfigure;
@@ -3113,6 +3125,7 @@ SendVisibilityNotify(WindowPtr pWin)
}
#endif
+ memset(&event, 0, sizeof(xEvent));
event.u.u.type = VisibilityNotify;
event.u.visibility.window = pWin->drawable.id;
event.u.visibility.state = visibility;