| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
Out of boundary accesses can occur while processing messages. This
affects clients and the session server.
Generally, the code tries to prevent out of boundary accesses. It
initially "skips" over the memory areas by parsing supplied lengths.
Then, it checks if it skipped over the memory boundary. If not, then
data is actually read and memory allocated, etc.
The problem is that while initially skipping over the memory,
subsequent lengths are already parsed, i.e. accessed. This results in
out of boundary reads on hostile messages.
Lengths could also overflow on 32 bit systems, leading to out of
boundary writes if not enough bytes have been allocated.
Authentication is handled by libICE, which is not affected, because the
macros for skipping already take care about memory boundaries.
Therefore, this flaw can only be used by authenticated clients or by
hostile servers (which could simply accept every MIT cookie). Most
session managers only use Unix sockets, so in many cases it takes a
local authenticated user.
In order to fix this, I decided to move the macros from SMlibint.h to
its only callers in sm_process.c, turning them into functions for much
easier error handling and readability.
Instead of skipping over the memory, validation happens during actual
read and memory allocation operations, as it's rather unlikely to
encounter hostile code anyway, i.e. my code has more error cleanup
handling in it.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=103135
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Mihail Konev <k.mvc@ya.ru>
|
|
Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
fall-outs, when they contain space.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Syncs the invocation of configure with the one from the server.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
|
|
Even though this use was safe, some linkers produce a warning
when strcpy() is used, and this is the only use in libSM.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
It should be char *.
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
|
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: David Macek <david.macek.0@gmail.com>
|
|
File exists as a placeholder in case someone someday decides to add
additional auth methods on top of what libICE provides, but it's been
two decades and no one has, so stop spending time compiling & linking
for now.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Clears gcc warning of:
sm_client.c: In function 'SmcOpenConnection':
sm_client.c:199:13: warning: assignment discards 'const' qualifier from
pointer target type [enabled by default]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
http://people.gnome.org/~walters/docs/build-api.txt
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Has never been converted to build in modular builds, so has been unusable
since X11R7.0 release in 2005. All known platforms with TLI/XTI support
that X11R7 & later releases run on also have (and mostly prefer) BSD
socket support for their networking API.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
On certain tables, add top and bottom borders to table
header and a bottom border to the table. This matches
what those tables in the old pdfs looked like.
the <?dbfo keep-together='always'> prevents tables from
splitting across pages. Useful for tiny tables.
Converting the colwidth to a floating point,
IE, 1* -> 1.0* cleans up these build errors:
WARNING: table-layout="fixed" and column-width unspecified
=> falling back to proportional-column-width(1)
Signed-off-by: Matt Dew <marcoz@osource.org>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: James Cloos <cloos@jhcloos.com>
|
|
Needed to fix gcc -Wwrite-strings arguments in callers such as xsm.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: James Cloos <cloos@jhcloos.com>
|
|
With modern compilers and headers, they cause more problems than they
solve and just hide real issues.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: James Cloos <cloos@jhcloos.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Reviewed-by: James Cloos <cloos@jhcloos.com>
|
|
Takes care of the other block of code confusingly sharing indent levels
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: James Cloos <cloos@jhcloos.com>
|
|
Gets rid of one of the multiple levels of bracketing that confusingly
shared the same indent level.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: James Cloos <cloos@jhcloos.com>
|
|
Both variables were locals in different scope levels of the same
function, leading to both confusing code and gcc -Wshadow warnings:
sm_genid.c: In function 'SmsGenerateClientID':
sm_genid.c:160:10: warning: declaration of 'temp' shadows a previous local
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: James Cloos <cloos@jhcloos.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: James Cloos <cloos@jhcloos.com>
|
|
1 - fix the capitalization of the ID attributes to match either the
<title> or <funcdef> string it goes with.
2 - fix any <linkend>'s that were affected by 1.
3 - any <function> in the docs that has an actual funcdef,
will become an olink.
Signed-off-by: Matt Dew <marcoz@osource.org>
|
|
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}'
git diff -w & git diff -b show no diffs from this change
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
This element is not rendered by default on the title. A template
customization is required to display it.
X Window System does not have a product number.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Rather than referring to the external xorg.css stylesheet, embed the content
of the file in the html output produced. This is accomplished by using
version 1.10 of xorg-xhtml.xsl.
This makes the whole html docs tree much more relocatable.
In addition, it eliminates xorg.css as a runtime file which makes
xorg-sgml-doctools a build time only package.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Adding support in libX11 for html chunking caused a reorg of docbook.am
as well as the xorg-sgml-doctools masterdb for olinking.
The parameter img.src.path is added for pdf images.
A searchpath to the root builddir is added for local entities, if present.
The docbook.am makefile hides all the details and is identical for
all 22 modules having DocBook documentation. It is included by a thin
Makefile.am which requires no docbook knowledge.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
DocBook/XML input source is also a usefull output format that can be viewed
with an XML viewer or editor and by some O/S help system.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
This matches a change in xorg-sgml-docs whereby the masterdb will look for
the target dbs into the same location as the generated documents.
The target dbs are now installed alongside the generated documents.
Previously they are installed in $prefix/sgml/X11/dbs alongside masterdb which
has the potential of installing outside the package prefix and cause
distcheck to fail when user does not have write permission in this package.
Requires XORG_CHECK_SGML_DOCTOOLS(1.8) which was released 2011-06-11
|
|
Signed-off-by: Matt Dew <marcoz@osource.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
|
|
When writing technical documentation, it is often necessary to cross
reference to other information. When that other information is not in the
current document, additional support is needed, namely <olink>.
A new feature with version 1.7 of xorg-sgml-doctools adds references to
other documents within or outside this package.
This patch adds technical support for this feature but does not change
the content of the documentation as seen by the end user.
Each book or article must generate a database containing the href
of sections that can be referred to from another document. This database
is installed in DATAROOTDIR/sgml/X11/dbs. There is a requirement that
the value of DATAROOTDIR for xorg-sgml-doctools and for the package
documentation is the same. This forms a virtual document tree.
This database is consulted by other documents while they are being generated
in order to fulfill the missing information for linking.
Refer to the xorg-sgml-doctools for further technical information.
Co-authored-by: Matt Dew <marcoz@osource.org>
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
This is required for the up-coming external references support.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Simplify configuration by using a single PKG_CHECK_MODULES statement.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Group statements per section as per Autoconf standard layout
Quote statements where appropriate.
Autoconf recommends not using dnl instead of # for comments
Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters.
This helps automated maintenance and release activities.
Details can be found in http://wiki.x.org/wiki/NewModuleGuidelines
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=33390
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Dan Nicholson <dbn.lists@gmail.com>
|
|
This silences an Automake warning.
Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
|
|
Autoconf says:
"This macro is obsolescent, as current systems have conforming
header files. New programs need not use this macro".
|
|
Signed-off-by: Paulo Zanoni <pzanoni@mandriva.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Regroup AC statements under the Autoconf initialization section.
Regroup AM statements under the Automake initialization section.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
AC_PROG_CC are provided by XORG_DEFAULT_OPTIONS now
PKG_CONFIG_MODULES handles AC_SUBST of the CFLAGS & LIBS variables
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
