diff options
author | Peter Åstrand <astrand@cendio.se> | 2009-02-13 10:23:28 +0100 |
---|---|---|
committer | Peter Hutterer <peter.hutterer@who-t.net> | 2009-02-16 13:28:38 +1000 |
commit | ddb8d8945d1f44d16adc366b6612eef20ae813f7 (patch) | |
tree | d40a0cf5909a20f399827005336f49a2e84ed7ba /dix | |
parent | b735a4b4951b607e614682836f24d5fd86c1f7fb (diff) |
xserver: Avoid sending uninitialized padding data over the network
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'dix')
-rw-r--r-- | dix/devices.c | 2 | ||||
-rw-r--r-- | dix/dispatch.c | 18 | ||||
-rw-r--r-- | dix/dixfonts.c | 2 | ||||
-rw-r--r-- | dix/events.c | 10 | ||||
-rw-r--r-- | dix/extension.c | 4 | ||||
-rw-r--r-- | dix/main.c | 12 | ||||
-rw-r--r-- | dix/property.c | 2 | ||||
-rw-r--r-- | dix/selection.c | 2 | ||||
-rw-r--r-- | dix/window.c | 17 |
9 files changed, 58 insertions, 11 deletions
diff --git a/dix/devices.c b/dix/devices.c index 934e6952f..51d709145 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -1466,6 +1466,7 @@ ProcGetModifierMapping(ClientPtr client) if (ret != Success) return ret; + memset(&rep, 0, sizeof(xGetModifierMappingReply)); rep.type = X_Reply; rep.numKeyPerModifier = max_keys_per_mod; rep.sequenceNumber = client->sequence; @@ -1621,6 +1622,7 @@ ProcGetKeyboardMapping(ClientPtr client) if (!syms) return BadAlloc; + memset(&rep, 0, sizeof(xGetKeyboardMappingReply)); rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.keySymsPerKeyCode = syms->mapWidth; diff --git a/dix/dispatch.c b/dix/dispatch.c index 817aa17e7..a92804841 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -548,6 +548,7 @@ ProcGetWindowAttributes(ClientPtr client) rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess); if (rc != Success) return rc; + memset(&wa, 0, sizeof(xGetWindowAttributesReply)); GetWindowAttributes(pWin, client, &wa); WriteReplyToClient(client, sizeof(xGetWindowAttributesReply), &wa); return(client->noClientException); @@ -809,6 +810,7 @@ ProcGetGeometry(ClientPtr client) xGetGeometryReply rep; int status; + memset(&rep, 0, sizeof(xGetGeometryReply)); if ((status = GetGeometry(client, &rep)) != Success) return status; @@ -830,6 +832,7 @@ ProcQueryTree(ClientPtr client) rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess); if (rc != Success) return rc; + memset(&reply, 0, sizeof(xQueryTreeReply)); reply.type = X_Reply; reply.root = WindowTable[pWin->drawable.pScreen->myNum]->drawable.id; reply.sequenceNumber = client->sequence; @@ -883,6 +886,7 @@ ProcInternAtom(ClientPtr client) if (atom != BAD_RESOURCE) { xInternAtomReply reply; + memset(&reply, 0, sizeof(xInternAtomReply)); reply.type = X_Reply; reply.length = 0; reply.sequenceNumber = client->sequence; @@ -906,6 +910,7 @@ ProcGetAtomName(ClientPtr client) if ( (str = NameForAtom(stuff->id)) ) { len = strlen(str); + memset(&reply, 0, sizeof(xGetAtomNameReply)); reply.type = X_Reply; reply.length = (len + 3) >> 2; reply.sequenceNumber = client->sequence; @@ -1002,6 +1007,7 @@ ProcTranslateCoords(ClientPtr client) rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixGetAttrAccess); if (rc != Success) return rc; + memset(&rep, 0, sizeof(xTranslateCoordsReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; @@ -1138,7 +1144,7 @@ ProcQueryFont(ClientPtr client) rlength = sizeof(xQueryFontReply) + FONTINFONPROPS(FONTCHARSET(pFont)) * sizeof(xFontProp) + nprotoxcistructs * sizeof(xCharInfo); - reply = xalloc(rlength); + reply = xcalloc(1, rlength); if(!reply) { return(BadAlloc); @@ -1915,6 +1921,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable, if (rc != Success) return rc; + memset(&xgi, 0, sizeof(xGetImageReply)); if(pDraw->type == DRAWABLE_WINDOW) { if( /* check for being viewable */ @@ -1966,7 +1973,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable, xgi.length = length; if (im_return) { - pBuf = xalloc(sz_xGetImageReply + length); + pBuf = xcalloc(1, sz_xGetImageReply + length); if (!pBuf) return (BadAlloc); if (widthBytesLine == 0) @@ -2004,7 +2011,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable, length += widthBytesLine; } } - if(!(pBuf = xalloc(length))) + if(!(pBuf = xcalloc(1, length))) return (BadAlloc); WriteReplyToClient(client, sizeof (xGetImageReply), &xgi); } @@ -2742,7 +2749,7 @@ ProcQueryColors(ClientPtr client) xQueryColorsReply qcr; count = ((client->req_len << 2) - sizeof(xQueryColorsReq)) >> 2; - prgbs = xalloc(count * sizeof(xrgb)); + prgbs = xcalloc(1, count * sizeof(xrgb)); if(!prgbs && count) return(BadAlloc); if( (rc = QueryColors(pcmp, count, (Pixel *)&stuff[1], prgbs)) ) @@ -2756,6 +2763,7 @@ ProcQueryColors(ClientPtr client) return rc; } } + memset(&qcr, 0, sizeof(xQueryColorsReply)); qcr.type = X_Reply; qcr.length = (count * sizeof(xrgb)) >> 2; qcr.sequenceNumber = client->sequence; @@ -2983,6 +2991,7 @@ ProcQueryBestSize (ClientPtr client) return rc; (* pScreen->QueryBestSize)(stuff->class, &stuff->width, &stuff->height, pScreen); + memset(&reply, 0, sizeof(xQueryBestSizeReply)); reply.type = X_Reply; reply.length = 0; reply.sequenceNumber = client->sequence; @@ -3696,6 +3705,7 @@ SendErrorToClient(ClientPtr client, unsigned majorCode, unsigned minorCode, { xError rep; + memset(&rep, 0, sizeof(xError)); rep.type = X_Error; rep.sequenceNumber = client->sequence; rep.errorCode = errorCode; diff --git a/dix/dixfonts.c b/dix/dixfonts.c index 7d807811c..c7fa83995 100644 --- a/dix/dixfonts.c +++ b/dix/dixfonts.c @@ -789,6 +789,7 @@ finish: for (i = 0; i < nnames; i++) stringLens += (names->length[i] <= 255) ? names->length[i] : 0; + memset(&reply, 0, sizeof(xListFontsReply)); reply.type = X_Reply; reply.length = (stringLens + nnames + 3) >> 2; reply.nFonts = nnames; @@ -1044,6 +1045,7 @@ doListFontsWithInfo(ClientPtr client, LFWIclosurePtr c) err = AllocError; break; } + memset(reply + c->length, 0, length - c->length); c->reply = reply; c->length = length; } diff --git a/dix/events.c b/dix/events.c index 4b367f736..10fa40d19 100644 --- a/dix/events.c +++ b/dix/events.c @@ -2300,6 +2300,7 @@ DeliverDeviceEvents(WindowPtr pWin, xEvent *xE, GrabPtr grab, { /* no XI event delivered. Try core event */ + memset(&core, 0, sizeof(xEvent)); core = *xE; core.u.u.type = XItoCoreType(xE->u.u.type); @@ -3393,6 +3394,7 @@ DeliverFocusedEvent(DeviceIntPtr keybd, xEvent *xE, WindowPtr window, int count) if (sendCore) { + memset(&core, 0, sizeof(xEvent)); core = *xE; core.u.u.type = XItoCoreType(xE->u.u.type); } @@ -3491,6 +3493,7 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev, /* try core event */ if (sendCore && grab->coreGrab) { + memset(&core, 0, sizeof(xEvent)); core = *xE; core.u.u.type = XItoCoreType(xE->u.u.type); if(core.u.u.type) { @@ -3869,6 +3872,7 @@ CoreEnterLeaveEvent( mask = pWin->eventMask | wOtherEventMasks(pWin); } + memset(&event, 0, sizeof(xEvent)); event.u.u.type = type; event.u.u.detail = detail; event.u.enterLeave.time = currentTime.milliseconds; @@ -3949,6 +3953,7 @@ DeviceEnterLeaveEvent( /* we don't have enough bytes, so we squash flags and mode into one byte, and use the last byte for the deviceid. */ + memset(&event, 0, sizeof(xEvent)); devEnterLeave = (deviceEnterNotify*)&event; devEnterLeave->type = type; devEnterLeave->detail = detail; @@ -3990,6 +3995,7 @@ CoreFocusEvent(DeviceIntPtr dev, int type, int mode, int detail, WindowPtr pWin) { xEvent event; + memset(&event, 0, sizeof(xEvent)); event.u.focus.mode = mode; event.u.u.type = type; event.u.u.detail = detail; @@ -4153,6 +4159,7 @@ ProcGetInputFocus(ClientPtr client) if (rc != Success) return rc; + memset(&rep, 0, sizeof(xGetInputFocusReply)); rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; @@ -4243,6 +4250,7 @@ ProcGrabPointer(ClientPtr client) /* at this point, some sort of reply is guaranteed. */ time = ClientTimeToServerTime(stuff->time); + memset(&rep, 0, sizeof(xGrabPointerReply)); rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.length = 0; @@ -4490,6 +4498,7 @@ ProcGrabKeyboard(ClientPtr client) REQUEST_SIZE_MATCH(xGrabKeyboardReq); + memset(&rep, 0, sizeof(xGrabKeyboardReply)); result = GrabDevice(client, keyboard, stuff->keyboardMode, stuff->pointerMode, stuff->grabWindow, stuff->ownerEvents, stuff->time, @@ -4557,6 +4566,7 @@ ProcQueryPointer(ClientPtr client) pSprite = mouse->spriteInfo->sprite; if (mouse->valuator->motionHintWindow) MaybeStopHint(mouse, client); + memset(&rep, 0, sizeof(xQueryPointerReply)); rep.type = X_Reply; rep.sequenceNumber = client->sequence; rep.mask = mouse->button->state; diff --git a/dix/extension.c b/dix/extension.c index 330fd28b7..c768ccb84 100644 --- a/dix/extension.c +++ b/dix/extension.c @@ -267,7 +267,8 @@ ProcQueryExtension(ClientPtr client) REQUEST(xQueryExtensionReq); REQUEST_FIXED_SIZE(xQueryExtensionReq, stuff->nbytes); - + + memset(&reply, 0, sizeof(xQueryExtensionReply)); reply.type = X_Reply; reply.length = 0; reply.major_opcode = 0; @@ -301,6 +302,7 @@ ProcListExtensions(ClientPtr client) REQUEST_SIZE_MATCH(xReq); + memset(&reply, 0, sizeof(xListExtensionsReply)); reply.type = X_Reply; reply.nExtensions = 0; reply.length = 0; diff --git a/dix/main.c b/dix/main.c index 1c66c8622..6a45332c3 100644 --- a/dix/main.c +++ b/dix/main.c @@ -489,8 +489,9 @@ CreateConnectionBlock(void) sizesofar = 0; char *pBuf; - - /* Leave off the ridBase and ridMask, these must be sent with + + memset(&setup, 0, sizeof(xConnSetup)); + /* Leave off the ridBase and ridMask, these must be sent with connection */ setup.release = VendorRelease; @@ -529,7 +530,8 @@ CreateConnectionBlock(void) sizesofar += i; while (--i >= 0) *pBuf++ = 0; - + + memset(&format, 0, sizeof(xPixmapFormat)); for (i=0; i<screenInfo.numPixmapFormats; i++) { format.depth = screenInfo.formats[i].depth; @@ -541,7 +543,9 @@ CreateConnectionBlock(void) } connBlockScreenStart = sizesofar; - for (i=0; i<screenInfo.numScreens; i++) + memset(&depth, 0, sizeof(xDepth)); + memset(&visual, 0, sizeof(xVisualType)); + for (i=0; i<screenInfo.numScreens; i++) { ScreenPtr pScreen; DepthPtr pDepth; diff --git a/dix/property.c b/dix/property.c index 5bf4232ed..0929dca17 100644 --- a/dix/property.c +++ b/dix/property.c @@ -111,6 +111,7 @@ deliverPropertyNotifyEvent(WindowPtr pWin, int state, Atom atom) { xEvent event; + memset(&event, 0, sizeof(xEvent)); event.u.u.type = PropertyNotify; event.u.property.window = pWin->drawable.id; event.u.property.state = state; @@ -479,6 +480,7 @@ ProcGetProperty(ClientPtr client) return(BadAtom); } + memset(&reply, 0, sizeof(xGetPropertyReply)); reply.type = X_Reply; reply.sequenceNumber = client->sequence; diff --git a/dix/selection.c b/dix/selection.c index 1fd0d21bc..d72f381ca 100644 --- a/dix/selection.c +++ b/dix/selection.c @@ -243,6 +243,7 @@ ProcGetSelectionOwner(ClientPtr client) return BadAtom; } + memset(&reply, 0, sizeof(xGetSelectionOwnerReply)); reply.type = X_Reply; reply.length = 0; reply.sequenceNumber = client->sequence; @@ -284,6 +285,7 @@ ProcConvertSelection(ClientPtr client) rc = dixLookupSelection(&pSel, stuff->selection, client, DixReadAccess); + memset(&event, 0, sizeof(xEvent)); if (rc != Success && rc != BadMatch) return rc; else if (rc == Success && pSel->window != None) { diff --git a/dix/window.c b/dix/window.c index d4c587e3c..2a5da53ea 100644 --- a/dix/window.c +++ b/dix/window.c @@ -774,6 +774,7 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w, if (SubSend(pParent)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = CreateNotify; event.u.createNotify.window = wid; event.u.createNotify.parent = pParent->drawable.id; @@ -889,9 +890,10 @@ CrushTree(WindowPtr pWin) pParent = pChild->parent; if (SubStrSend(pChild, pParent)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = DestroyNotify; event.u.destroyNotify.window = pChild->drawable.id; - DeliverEvents(pChild, &event, 1, NullWindow); + DeliverEvents(pChild, &event, 1, NullWindow); } FreeResource(pChild->drawable.id, RT_WINDOW); pSib = pChild->nextSib; @@ -935,9 +937,10 @@ DeleteWindow(pointer value, XID wid) pParent = pWin->parent; if (wid && pParent && SubStrSend(pWin, pParent)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = DestroyNotify; event.u.destroyNotify.window = pWin->drawable.id; - DeliverEvents(pWin, &event, 1, NullWindow); + DeliverEvents(pWin, &event, 1, NullWindow); } FreeWindowResources(pWin); @@ -2244,6 +2247,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client) (RedirectSend(pParent) )) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = ConfigureRequest; event.u.configureRequest.window = pWin->drawable.id; if (mask & CWSibling) @@ -2278,6 +2282,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client) if (size_change && ((pWin->eventMask|wOtherEventMasks(pWin)) & ResizeRedirectMask)) { xEvent eventT; + memset(&eventT, 0, sizeof(xEvent)); eventT.u.u.type = ResizeRequest; eventT.u.resizeRequest.window = pWin->drawable.id; eventT.u.resizeRequest.width = w; @@ -2324,6 +2329,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client) ActuallyDoSomething: if (SubStrSend(pWin, pParent)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = ConfigureNotify; event.u.configureNotify.window = pWin->drawable.id; if (pSib) @@ -2480,6 +2486,7 @@ ReparentWindow(WindowPtr pWin, WindowPtr pParent, if (WasMapped) UnmapWindow(pWin, FALSE); + memset(&event, 0, sizeof(xEvent)); event.u.u.type = ReparentNotify; event.u.reparent.window = pWin->drawable.id; event.u.reparent.parent = pParent->drawable.id; @@ -2640,6 +2647,7 @@ MapWindow(WindowPtr pWin, ClientPtr client) (RedirectSend(pParent) )) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = MapRequest; event.u.mapRequest.window = pWin->drawable.id; event.u.mapRequest.parent = pParent->drawable.id; @@ -2652,6 +2660,7 @@ MapWindow(WindowPtr pWin, ClientPtr client) pWin->mapped = TRUE; if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = MapNotify; event.u.mapNotify.window = pWin->drawable.id; event.u.mapNotify.override = pWin->overrideRedirect; @@ -2726,6 +2735,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client) { if (parentRedirect && !pWin->overrideRedirect) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = MapRequest; event.u.mapRequest.window = pWin->drawable.id; event.u.mapRequest.parent = pParent->drawable.id; @@ -2738,6 +2748,7 @@ MapSubwindows(WindowPtr pParent, ClientPtr client) pWin->mapped = TRUE; if (parentNotify || StrSend(pWin)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = MapNotify; event.u.mapNotify.window = pWin->drawable.id; event.u.mapNotify.override = pWin->overrideRedirect; @@ -2850,6 +2861,7 @@ UnmapWindow(WindowPtr pWin, Bool fromConfigure) return(Success); if (SubStrSend(pWin, pParent) && MapUnmapEventsEnabled(pWin)) { + memset(&event, 0, sizeof(xEvent)); event.u.u.type = UnmapNotify; event.u.unmapNotify.window = pWin->drawable.id; event.u.unmapNotify.fromConfigure = fromConfigure; @@ -3113,6 +3125,7 @@ SendVisibilityNotify(WindowPtr pWin) } #endif + memset(&event, 0, sizeof(xEvent)); event.u.u.type = VisibilityNotify; event.u.visibility.window = pWin->drawable.id; event.u.visibility.state = visibility; |