From e3cad27560774ca1a5587d26900c1bd09bad7dfc Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 14 Jan 2020 22:23:15 +0100 Subject: Remove support for XA_IP_ADDRESS This code has a number of issues: - It doesn't support IPv6 https://bugs.freedesktop.org/show_bug.cgi?id=7611 - The IP address is set by the selection owner so it doesn't bring any security for anyone querying the selection - The extra DNS query that it does is problematic in some sandboxed environments (like OpenBSD's pledge https://marc.info/?l=openbsd-bugs&m=157842725819911&w=2) Signed-off-by: Matthieu Herrb Signed-off-by: Alan Coopersmith --- configure.ac | 4 ---- doc/Xmu.xml | 2 +- src/CvtStdSel.c | 30 ++---------------------------- 3 files changed, 3 insertions(+), 33 deletions(-) diff --git a/configure.ac b/configure.ac index 68f685f..1ac8612 100644 --- a/configure.ac +++ b/configure.ac @@ -32,10 +32,6 @@ XORG_CHECK_SGML_DOCTOOLS(1.8) PKG_CHECK_MODULES(XMU, xt xext x11 xextproto) PKG_CHECK_MODULES(XMUU, x11) -# CvtStdSel.c needs to know which network transports to build hostname -# conversion routines for -XTRANS_CONNECTION_FLAGS - # Checks for library functions. AC_REPLACE_FUNCS([reallocarray]) diff --git a/doc/Xmu.xml b/doc/Xmu.xml index 2d363a9..fdd60e0 100644 --- a/doc/Xmu.xml +++ b/doc/Xmu.xml @@ -1442,7 +1442,7 @@ returns the size in bits of the elements This function converts the following standard selections: CLASS, -CLIENT_WINDOW, DECNET_ADDRESS, HOSTNAME, IP_ADDRESS, NAME, OWNER_OS, +CLIENT_WINDOW, DECNET_ADDRESS, HOSTNAME, NAME, OWNER_OS, TARGETS, TIMESTAMP, and USER. It returns True if the conversion was successful, else it returns diff --git a/src/CvtStdSel.c b/src/CvtStdSel.c index 4865658..177de1b 100644 --- a/src/CvtStdSel.c +++ b/src/CvtStdSel.c @@ -46,7 +46,6 @@ in this Software without prior written authorization from The Open Group. #ifdef WIN32 #include -#define XOS_USE_MTSAFE_NETDBAPI #else #ifndef Lynx #include @@ -56,7 +55,6 @@ in this Software without prior written authorization from The Open Group. #endif #define XOS_USE_XT_LOCKING #endif -#define X_INCLUDE_NETDB_H #include #include @@ -213,29 +211,6 @@ XmuConvertStandardSelection(Widget w, Time time, Atom *selection, Atom *target, *format = 8; return True; } -#if defined(TCPCONN) - if (*target == XA_IP_ADDRESS(d)) { - char hostname[1024]; -#ifdef XTHREADS_NEEDS_BYNAMEPARAMS - _Xgethostbynameparams hparams; -#endif - struct hostent *hostp; - - hostname[0] = '\0'; - (void) XmuGetHostname (hostname, sizeof hostname); - - if ((hostp = _XGethostbyname (hostname,hparams)) == NULL) - return False; - - if (hostp->h_addrtype != AF_INET) return False; - *length = hostp->h_length; - *value = XtMalloc(*length); - (void) memmove (*value, hostp->h_addr, *length); - *type = XA_NET_ADDRESS(d); - *format = 8; - return True; - } -#endif if (*target == XA_USER(d)) { char *name = (char*)getenv("USER"); if (name == NULL) return False; @@ -302,15 +277,14 @@ XmuConvertStandardSelection(Widget w, Time time, Atom *selection, Atom *target, } if (*target == XA_TARGETS(d)) { #if defined(unix) -# define NUM_TARGETS 8 -#else # define NUM_TARGETS 7 +#else +# define NUM_TARGETS 6 #endif Atom* std_targets = (Atom*)XtMalloc(NUM_TARGETS*sizeof(Atom)); int i = 0; std_targets[i++] = XA_TIMESTAMP(d); std_targets[i++] = XA_HOSTNAME(d); - std_targets[i++] = XA_IP_ADDRESS(d); std_targets[i++] = XA_USER(d); std_targets[i++] = XA_CLASS(d); std_targets[i++] = XA_NAME(d); -- cgit v1.2.1