Commit message | Author | Age | Files | Lines
* xauth 1.1.1 [xauth-1.1.1] | Alan Coopersmith | 2021-11-28 | 1 | -1/+1
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Fix spelling/wording issues | Alan Coopersmith | 2021-11-28 | 5 | -8/+8
| Found by using:
|     codespell --builtin clear,rare,usage,informal,code,names
|
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Fix segfault when X starts | Alex Gendin | 2021-08-02 | 3 | -4/+7
| This patch potentially fixes bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884934
|
| System log entries when this bug occurs:
| kernel: xauth[16729]: segfault at 1 ip 00007f51f517f5a5 sp 00007ffdec846568 error 4 in libc-2.31.so[7f51f5102000+144000]
| kernel: Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 8f 0b 00 00 66 0f ef c0 <f3> 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f
|
| This bug happens when function get_address_info() in gethost.c is called
| with a display name without forward slash, for example 'myhost.mydomain:0'
* Check malloc calls in process.c | Karol Herbst | 2021-04-22 | 1 | -0/+13
| Fixes warnings like
| warning[-Wanalyzer-possible-null-argument]: use of possibly-NULL 'authdata' where non-null expected
|
| Found-by: gcc static analysis
| Signed-off-by: Karol Herbst <kherbst@redhat.com>
* Additionally check socket file with S_ISSOCK | Dr. Tilmann Bubeck | 2020-08-20 | 1 | -2/+2
| This fixes bug https://bugzilla.redhat.com/show_bug.cgi?id=1870201
* Avoid memory leaks in error paths in do_generate | Alan Coopersmith | 2020-05-10 | 1 | -13/+23
| Reported by Oracle Parfait:
|
| Error: Memory leak
|    Memory leak [memory-leak] (CWE 401): Memory leak of pointer authdata allocated with malloc((authdatalen - 1))
|         at line 1955 of process.c in function 'do_generate'.
|           authdata allocated at line 1946 with malloc((authdatalen - 1))
|    Memory leak of pointer authdata allocated with malloc((authdatalen - 1))
|         at line 1971 of process.c in function 'do_generate'.
|           authdata allocated at line 1946 with malloc((authdatalen - 1))
|           authdata leaks when (i + 1) >= argc at line 1910.
|         at line 1980 of process.c in function 'do_generate'.
|           authdata allocated at line 1946 with malloc((authdatalen - 1))
|           authdata leaks when (i + 1) >= argc at line 1910.
|
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Use reallocarray() when adding members to array in split_into_words() | Alan Coopersmith | 2020-05-10 | 2 | -2/+15
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Avoid memory leak when realloc() fails in split_into_words() | Alan Coopersmith | 2020-05-10 | 1 | -2/+8
| Reported by Oracle Parfait:
|
| Error: Memory leak
|    Memory leak [memory-leak] (CWE 401): Memory leak of pointer argv allocated with malloc(32)
|         at line 283 of process.c in function 'split_into_words'.
|           argv allocated at line 264 with malloc(32)
|           argv leaks when cur == total at line 280.
|
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Prevent OOB write with long file names. | Tobias Stoeckmann | 2020-05-10 | 1 | -1/+5
| If an -f argument is exactly 1022 characters in size, an off-by-one
| stack overflow happens in auth_finalize. The overflow could be even
| larger if locks are ignored for authentication files.
|
| Make sure that a given authentication file name fits into temporary
| buffer and that this buffer matches buffer sizes of libXau which is
| used by xauth.
* Fix segmentation fault on invalid add argument. | Tobias Stoeckmann | 2020-05-03 | 1 | -1/+1
| The hex key supplied with an add command can be quoted, in which
| case the quotation marks are removed.
|
| The check itself makes sure that a given string starts with a
| double quotation mark and ends with a double quotation mark.
|
| But if only " is supplied, the code crashes because it subtracts 2
| from the length (which is 1) and therefore copies too much memory
| into a 0 allocated memory area.
|
| Proof of concept:
|
| $ xauth add :0 0 \"
* xauth 1.1 [xauth-1.1] | Adam Jackson | 2019-07-11 | 1 | -1/+1
|
* process: Close a window where no authority file would exist | Adam Jackson | 2019-06-20 | 1 | -11/+3
| unlink()ing the old auth file before link()ing the temp to the new is
| just silly. rename() is atomic and will happily clobber the destination,
| and the only thing link() can give you here is the ability to fail on
| filesystems that don't support hardlinks.
|
| Fixes: xorg/app/xauth#2
* Sort entries from most specific to most generic. | Michal Srb | 2019-06-09 | 1 | -0/+41
| There is no point in adding entry or merging lists if a FamilyWild entry
| would end in front of any entry, or entry without display number would end
| in front of entry with number.
|
| This sorts all entries in order:
|   * FamilyWild without display number
|   * FamilyWild with display number
|   * Other family without display number
|   * Other family with display number
|
| The order of the entries in each category is kept.
|
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Merge only entries with equal dpy and protoname. | Michal Srb | 2019-06-09 | 1 | -15/+10
| Merging two lists, or adding entry a into list acts unexpectedly if the
| list contains FamilyWild or entry with an empty display number. For
| example:
|
|   > xauth list
|   #ffff#6f70656e737573652d74756d626c6577656564#: MIT-MAGIC-COOKIE-1 1500d80327733252cc42ba469138a259
|   > xauth add test/unix:2 MIT-MAGIC-COOKIE-1 aabbccddeeff00112233445566778899
|   > xauth list
|   test/unix:2 MIT-MAGIC-COOKIE-1 aabbccddeeff00112233445566778899
|
| This is because merge_entries compares entries using `match_auth`, which
| follows the same rules as XauGetBestAuthByAddr. Following these rules is
| good when filtering the output of `xauth list`, but for merging we should
| compare for equality. It used to be done that way before commit 1555fff4.
| That commit changed it to improve the `xauth list` behavior, but did not
| seem to consider the impact on merge.
|
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Update configure.ac bug URL for gitlab migration | Alan Coopersmith | 2018-11-21 | 1 | -1/+1
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Update README for gitlab migration | Alan Coopersmith | 2018-11-16 | 2 | -24/+20
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Change fall through comment in process.c to match gcc's requirements | Alan Coopersmith | 2018-05-05 | 1 | -1/+1
| Needs to match one of the regexps shown under
| https://gcc.gnu.org/onlinedocs/gcc-7.3.0/gcc/Warning-Options.html#index-Wimplicit-fallthrough
|
| Silences warning from gcc 7.3:
| process.c: In function ‘dump_entry’:
| process.c:1007:9: warning: this statement may fall through [-Wimplicit-fallthrough=]
|       if (dpyname) {
|          ^
| process.c:1012:4: note: here
|     default:
|     ^~~~~~~
|
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* xauth 1.0.10 [xauth-1.0.10] | Matt Turner | 2017-01-29 | 1 | -1/+1
| Signed-off-by: Matt Turner <mattst88@gmail.com>
* Build xauth before running tests. | Matt Turner | 2017-01-29 | 1 | -1/+1
| Otherwise make check fails if make hasn't previously been run.
|
| Signed-off-by: Matt Turner <mattst88@gmail.com>
* autogen: add default patch prefix | Mihail Konev | 2017-01-26 | 1 | -0/+3
| Signed-off-by: Mihail Konev <k.mvc@ya.ru>
* autogen.sh: use quoted string variables | Emil Velikov | 2017-01-26 | 1 | -4/+4
| Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
| fall-outs, when they contain space.
|
| Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
| Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
| Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* autogen.sh: use exec instead of waiting for configure to finish | Peter Hutterer | 2017-01-26 | 1 | -1/+1
| Syncs the invocation of configure with the one from the server.
|
| Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
| Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
* autogen.sh: Honor NOCONFIGURE=1 | Alan Coopersmith | 2017-01-26 | 1 | -2/+3
| See http://people.gnome.org/~walters/docs/build-api.txt
|
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* autogen.sh: stop using maintainer mode | Peter Hutterer | 2017-01-26 | 2 | -2/+1
| See xserver commit 4bf3eac5fe20f
|
| Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* usage(): Print summary for the -n option | Søren Sandmann Pedersen | 2015-05-15 | 1 | -0/+1
| This option is mentioned in the man page, but not in the help text
|
| Signed-off-by: Hans de Goede <hdegoede@redhat.com>
| Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* include POSIX-standard limits.h for PATH_MAX instead of sys/syslimits.h | Alan Coopersmith | 2015-01-05 | 2 | -2/+2
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
| Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
| Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
* Fix !HAVE_STRLCPY case | Jon TURNEY | 2015-01-05 | 2 | -2/+2
| Fix error in the !HAVE_STRLCPY case, introduced in commit
| f990dd936b5fd1a40290bb88cde517a0ac38f823
|
| It seems that "path[sizeof(path) - 1]" rather than "buf[sizeof(path) - 1]"
| must be meant here, especially as the second instance doesn't even compile...
|
| parsedpy.c: In function ‘parse_displayname’:
| parsedpy.c:176:9: error: ‘buf’ undeclared (first use in this function)
|
| Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
| Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
| Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
* Update DISPLAY parsing to work with new launchd paths in Yosemite | Jeremy Huddleston Sequoia | 2014-12-31 | 2 | -20/+74
| Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
* Fix for xauth failing on ENOSPC (= disk full) | Dr. Tilmann Bubeck | 2014-06-24 | 1 | -1/+4
| If xauth must store its XAUTHORITY file on a file system which is
| full, it will be unable to write the changes. This condition was
| not detected and therefore often the whole XAUTHORITY file was
| cleared. Here is the fix.
|
| Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=21260
|
| Signed-off-by: Dr. Tilmann Bubeck <tilmann@bubecks.de>
* Clarified RELEASING in README | Dr. Tilmann Bubeck | 2014-04-02 | 1 | -10/+7
| Changed clone URL and improved text. Removed section GARBAGE.
|
| Signed-off-by: Dr. Tilmann Bubeck <tilmann@bubecks.de>
* Third version bump to 1.0.9. [xauth-1.0.9] | Dr. Tilmann Bubeck | 2014-04-02 | 1 | -0/+7
| Minor change in README to include 1.0.9 in diff so that release.sh
| is happy.
|
| Signed-off-by: Dr. Tilmann Bubeck <tilmann@bubecks.de>
* Second version bump to 1.0.9. | Dr. Tilmann Bubeck | 2014-04-02 | 1 | -2/+2
| Minor change in README to push the version bump.
|
| Signed-off-by: Dr. Tilmann Bubeck <tilmann@bubecks.de>
* Fixed missing EXTRA_DIST in tests. Extended README for releasing. | Dr. Tilmann Bubeck | 2014-04-02 | 2 | -0/+34
| The tests/Makefile.am missed the EXTRA_DIST definition which resulted
| in missing files for the test done with "make check". This was fixed.
|
| README was extended to describe howto release a new version of this
| software and to clarify something from ReleaseHOWTO of x.org.
|
| Prepare anything for releasing 1.0.9.
|
| Signed-off-by: Dr. Tilmann Bubeck <tilmann@bubecks.de>
* version bump to 1.0.9 | Dr. Tilmann Bubeck | 2014-03-31 | 1 | -1/+1
| Prepare for a new version 1.0.9 of xauth.
|
| Signed-off-by: Dr. Tilmann Bubeck <t.bubeck@reinform.de>
* Add AC_USE_SYSTEM_EXTENSIONS to expose non-standard extensions | Alan Coopersmith | 2013-12-30 | 1 | -0/+5
| Required on Solaris to expose definitions in system headers that
| are not defined in the XPG standards now that xtrans 1.3 defines
| _XOPEN_SOURCE to 600 on Solaris.
|
| Fixes build failures:
| gethost.c: In function ‘get_hostname’:
| gethost.c:97:21: error: ‘INET6_ADDRSTRLEN’ undeclared (first use in this function)
| gethost.c:97:21: note: each undeclared identifier is reported only once for each function it appears in
| gethost.c:97:16: warning: unused variable ‘addr’ [-Wunused-variable]
| gethost.c: In function ‘get_address_info’:
| gethost.c:196:9: error: implicit declaration of function ‘strlcpy’ [-Werror=implicit-function-declaration]
| gethost.c:196:9: warning: nested extern declaration of ‘strlcpy’ [-Wnested-externs]
|
| Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
| Reviewed-by: Daniel Stone <daniel@fooishbar.org>
* Fix warning about warn_unused_result triggered by WRITES. | Dr. Tilmann Bubeck | 2013-10-13 | 1 | -2/+3
|
* * Do not install test_xauth during "make install" as it is | Dr. Tilmann Bubeck | 2013-10-13 | 2 | -1/+5
|   only used during "make check".
| * perror out, if test_xauth does not find "cmdtest".
* Second version bump to 1.0.8 [xauth-1.0.8] | Dr. Tilmann Bubeck | 2013-10-09 | 1 | -1/+1
|
* Rewrote test_xauth to C to make automake and "make distclean" happy. | Dr. Tilmann Bubeck | 2013-10-09 | 3 | -3/+8
|
* Revert version bump back to 1.0.7 to prepare missing commit before 1.0.8 | Dr. Tilmann Bubeck | 2013-10-09 | 1 | -1/+1
|
* version bump to 1.0.8 | Dr. Tilmann Bubeck | 2013-10-08 | 1 | -1/+1
|
* Improved README to explain "make check". | Dr. Tilmann Bubeck | 2013-10-08 | 1 | -0/+12
|
* Added command "version" and command line arg "-V" to show version of xauth. | Dr. Tilmann Bubeck | 2013-10-08 | 3 | -3/+26
|
* Fix warning raised by "-Wshadow". | Dr. Tilmann Bubeck | 2013-10-06 | 1 | -4/+4
|
* Rework match_auth_dpy() to be easier to read and maintain (hopefully). | Dr. Tilmann Bubeck | 2013-10-06 | 1 | -8/+24
|
* Make matching algorithm mimic XauGet*AuthByAddr | Egbert Eich | 2013-10-06 | 1 | -5/+9
| Xlib (xcb) uses XauGetBestAuthByAddr() when looking for an
| authorization. 'xauth [n]list $DISPLAY' used a slightly
| stricter algorithm which doesn't find a possible authorization
| for cases where either the family is set to FamilyWild or
| the address length is 0.
|
| Signed-off-by: Egbert Eich <eich@freedesktop.org>
* Added black box tests for basic functionality started with "make check". | Dr. Tilmann Bubeck | 2013-10-06 | 16 | -1/+243
|
* Handle v4-mapped inet6 addresses correctly | Egbert Eich | 2013-10-01 | 1 | -10/+16
| Handling of v4-mapped inet6 addresses has been introduced
| with commit 58140dbbd39389ad6af58e201e055f3d4b92d368:
|
|     Look for FamilyLocal if inet or inet6 address is loopback
|
| These addresses should be treated as inet addresses.
| This patch makes the code consistent with the handling
| in xcb_auth.c in libxcb.
|
| Signed-off-by: Egbert Eich <eich@freedesktop.org>
* Look for FamilyLocal if inet or inet6 address is loopback | Egbert Eich | 2013-09-29 | 1 | -5/+35
| libxcb uses FamilyLocal authorization if the host name or IP in the
| display string is from the loopback device. This patch adds the same
| behavior to xauth.
|
| This fixes a long standing problem that for ssh tunneled connections
| a display variable of the form: localhost:<N>.<M> leads to correct
| authorization when an X client is started but "xauth list $DISPLAY"
| returns nothing.
|
| Signed-off-by: Egbert Eich <eich@freedesktop.org>
| Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
| Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
* Silence lack of noreturn warning | Jeremy Huddleston Sequoia | 2013-09-29 | 3 | -1/+4
| Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>