summaryrefslogtreecommitdiff
path: root/src/authutil.c
AgeCommit message (Collapse)Author
2019-03-24authutil: support $XDG_RUNTIME_DIR/ICEauthorityAllison Lortie
If we find that $XDG_RUNTIME_DIR is set (and $ICEAUTHORITY is not), then the ICEauthority file is stored in the XDG_RUNTIME_DIR instead of the home directory, and without a leading dot. https://bugs.freedesktop.org/show_bug.cgi?id=49173 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2019-03-24authutil: fix an out-of-bounds accessAllison Lortie
There is a theoretical edge case where the $HOME environment variable could be set to the empty string. IceAuthFileName() unconditionally checks index 1 of this string, which is out of bounds. Fix that up by rejecting empty strings in the same way as we reject NULL. https://bugs.freedesktop.org/show_bug.cgi?id=49173 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2017-09-14Drop NULL check prior to free()walter harms
free() can handle NULL just fine - remove the check. Signed-off-by: Walter Harms <wharms@bfs.de> Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com> Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
2017-09-07Remove unneeded ^L symbols.Emil Velikov
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com> Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com> (IRC)
2017-09-07Kill off Time_t macroEmil Velikov
Analogous to previous commit, including the megacommit that removed the need for it. Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com> Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com> (IRC)
2016-12-09Fix use after free on subsequent callsTobias Stoeckmann
The function IceAuthFileName is vulnerable to a use after free. The flaw can be triggered by calling the function three times: - First call succeeds and stores the path in buf, a dynamically allocated buffer with size bsize. - Second call fails due to out of memory. It frees buf, but keeps the old size in bsize. - Third call only checks if bsize is large enough. Then it uses buf without allocating it again -- the use after free happens. In order to exploit this, an attacker must change environment variables between each call, namely ICEAUTHORITY or HOME. It also takes subsequent calls. Due to these limitations, I don't consider this to be of high priority. Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
2013-08-08Make write_string call write_counted_string instead of copying itAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-08-08Mark input arguments to write_string functions as constAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-08-08Stop casting return values from mallocAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-08-08Get rid of casts to (char *) in calls to free()Alan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-07-20Convert remaining sprintf() call to snprintf()Alan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-07-20Convert strcpy/strcat pairs to snprintf callsAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-07-20Fix some clang warnings about integer sign/size conversionsAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-07-20Constify filename argument to IceLockAuthFile & IceUnlockAuthFileAlan Coopersmith
Needed to fix const string warnings in iceauth - functions already copy provided arguments to temporary local buffer for modifications. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2013-01-04unifdef -U__UNIXOS2__Alan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-11-11constify arguments to IceGetAuthFileEntryAlan Coopersmith
Needed to clear gcc -Wwrite-strings warnings in callers Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
2011-09-16Strip trailing whitespaceAlan Coopersmith
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}' git diff -w & git diff -b show no diffs from this change Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-10-06Purge cvs tags.Jesse Adkins
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2009-01-06Use NULL, not zero, for pointersPeter Breitenlohner
From Magnus Kessler <Magnus.Kessler@gmx.net> http://lists.freedesktop.org/archives/xorg/2008-October/039799.html http://lists.freedesktop.org/archives/xorg/attachments/20081030/b2ea5b1c/attachment-0001.bin
2009-01-06ANSI CPeter Breitenlohner
convert all old style function declarations see also: Paulo Cesar Pereira de Andrade <pcpa@mandriva.com.br> http://bugs.freedesktop.org/show_bug.cgi?id=14683 http://bugs.freedesktop.org/attachment.cgi?id=14582 see also: Magnus Kessler <Magnus.Kessler@gmx.net> http://lists.freedesktop.org/archives/xorg/2008-October/039799.html http://lists.freedesktop.org/archives/xorg/attachments/20081030/b2ea5b1c/attachment-0001.bin
2008-04-29silence warningAlan Hourihane
2007-04-05Convert authutil.c static helpers to ANSI C prototypes to clear sparse warningsAlan Coopersmith
2005-07-03Add Xtrans definitions (FONT_t, TRANS_CLIENT) to clean up warnings.XORG-6_8_99_901XORG-6_8_99_900XORG-6_8_99_16XORG-6_8_99_15XORG-6_8_99_14Daniel Stone
Add XSERV_t, TRANS_SERVER, TRANS_REOPEN to quash warnings. Add #include <dix-config.h> or <xorg-config.h>, as appropriate, to all source files in the xserver/xorg tree, predicated on defines of HAVE_{DIX,XORG}_CONFIG_H. Change all Xfont includes to <X11/fonts/foo.h>.
2005-05-17- Conditionally include config.h in the ICE source.XORG-6_8_99_9XORG-6_8_99_8XORG-6_8_99_10Søren Sandmann Pedersen
- Add ICE to symlink.sh
2004-04-23Merging XORG-CURRENT into trunkxprint_packagertest_20041217_basexprint_packagertest_20041125_baserel-0-6-1lg3d-rel-0-7-0lg3d-rel-0-6-2lg3d-baseXORG-6_8_2XORG-6_8_1_904XORG-6_8_1_903XORG-6_8_1_902XORG-6_8_1_901XORG-6_8_1XORG-6_8_0XORG-6_7_99_904XORG-6_7_99_903XORG-6_7_99_902XORG-6_7_99_901XORG-6_7_99_2XORG-6_7_99_1XACE-SELINUX-MERGExprint_packagertest_20041217xprint_packagertest_20041125lg3d-masterlg3d-eventlg3d-dev-0-7-1lg3d-dev-0-7-0lg3d-dev-0-6-latestlg3d-dev-0-6-2lg3d-dev-0-6-1-latestlg3d-dev-0-6-1-currentlg3d-dev-0-6-1-1lg3d-dev-0-6-1lg3dXORG-6_8-branchCOMPOSITEWRAPEgbert Eich
2004-03-14Importing vendor version xf86-4_4_99_1 on Sun Mar 14 00:26:39 PST 2004xf86-4_4_99_1Egbert Eich
2004-03-03Importing vendor version xf86-4_4_0 on Wed Mar 3 04:09:24 PST 2004xf86-4_4_0STSF-CURRENTEgbert Eich
2004-02-26readding XFree86's cvs IDsxf86-4_3_99_903Egbert Eich
2004-02-26Importing vendor version xf86-4_3_99_903 on Wed Feb 26 01:21:00 PST 2004Egbert Eich
2003-12-04XFree86 4.3.99.901 (RC 1)xf86-4_3_99_903_specialxf86-4_3_99_902xf86-4_3_99_901xf86-012804-2330Kaleb Keithley
2003-11-14XFree86 4.3.0.1xf86-4_3_0_1PRE_xf86-4_3_0_1Kaleb Keithley
2003-11-14R6.6 is the Xorg base-lineXORG-MAINXORG-STABLEKaleb Keithley