summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2018-09-30Fixed out ouf boundary accesses.Tobias Stoeckmann
Out of boundary accesses can occur while processing messages. This affects clients and the session server. Generally, the code tries to prevent out of boundary accesses. It initially "skips" over the memory areas by parsing supplied lengths. Then, it checks if it skipped over the memory boundary. If not, then data is actually read and memory allocated, etc. The problem is that while initially skipping over the memory, subsequent lengths are already parsed, i.e. accessed. This results in out of boundary reads on hostile messages. Lengths could also overflow on 32 bit systems, leading to out of boundary writes if not enough bytes have been allocated. Authentication is handled by libICE, which is not affected, because the macros for skipping already take care about memory boundaries. Therefore, this flaw can only be used by authenticated clients or by hostile servers (which could simply accept every MIT cookie). Most session managers only use Unix sockets, so in many cases it takes a local authenticated user. In order to fix this, I decided to move the macros from SMlibint.h to its only callers in sm_process.c, turning them into functions for much easier error handling and readability. Instead of skipping over the memory, validation happens during actual read and memory allocation operations, as it's rather unlikely to encounter hostile code anyway, i.e. my code has more error cleanup handling in it. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
2015-10-20Get rid of strcpy() in the HAVE_UUID_CREATE caseMatthieu Herrb
Even though this use was safe, some linkers produce a warning when strcpy() is used, and this is the only use in libSM. Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2015-10-20Fix uuid_to_string(3) typeMatthieu Herrb
It should be char *. Reviewed-by: Adam Jackson <ajax@redhat.com>
2015-04-10Include unistd.h for getpid()Jon TURNEY
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk> Reviewed-by: David Macek <david.macek.0@gmail.com>
2013-11-22Stop compiling empty sm_auth.c stubAlan Coopersmith
File exists as a placeholder in case someone someday decides to add additional auth methods on top of what libICE provides, but it's been two decades and no one has, so stop spending time compiling & linking for now. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Adam Jackson <ajax@redhat.com>
2013-08-09Fix some clang warnings about integer size/sign conversionsAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-08-09unifdef WORD64 (leftover bits of Cray support)Alan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-08-09Constify previous_id argument to SmcOpenConnectionAlan Coopersmith
Clears gcc warning of: sm_client.c: In function 'SmcOpenConnection': sm_client.c:199:13: warning: assignment discards 'const' qualifier from pointer target type [enabled by default] Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2013-01-04unifdef -U__UNIXOS2__Alan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2012-12-26Remove unused TLI ("STREAMSCONN") code from libSMAlan Coopersmith
Has never been converted to build in modular builds, so has been unusable since X11R7.0 release in 2005. All known platforms with TLI/XTI support that X11R7 & later releases run on also have (and mostly prefer) BSD socket support for their networking API. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-12-09unifdef -ULynxAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: James Cloos <cloos@jhcloos.com>
2011-12-09SmsInitialize: Mark vendor & release args as const char *Alan Coopersmith
Needed to fix gcc -Wwrite-strings arguments in callers such as xsm. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
2011-12-09Remove a bunch of unnecessary casts with malloc & free callsAlan Coopersmith
With modern compilers and headers, they cause more problems than they solve and just hide real issues. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: James Cloos <cloos@jhcloos.com>
2011-12-09Replace malloc(strlen) + strcpy sets with strdup callsAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: James Cloos <cloos@jhcloos.com>
2011-12-09Reindent IPv4 code to match IPv6 codeAlan Coopersmith
Takes care of the other block of code confusingly sharing indent levels Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
2011-12-09Move variable declarations to get rid of unnecessary scope bracketsAlan Coopersmith
Gets rid of one of the multiple levels of bracketing that confusingly shared the same indent level. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
2011-12-09Move and rename temp[4] definition to reduce confusion with temp[256]Alan Coopersmith
Both variables were locals in different scope levels of the same function, leading to both confusing code and gcc -Wshadow warnings: sm_genid.c: In function 'SmsGenerateClientID': sm_genid.c:160:10: warning: declaration of 'temp' shadows a previous local Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
2011-12-09Use imdent to make multiple levels of nested #if easier to followAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
2011-09-16Strip trailing whitespaceAlan Coopersmith
Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}' git diff -w & git diff -b show no diffs from this change Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2011-02-02config: splitting SM and XTRANS compiler options is not requiredGaetan Nadon
Simplify configuration by using a single PKG_CHECK_MODULES statement. Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
2010-11-21Sun's copyrights belong to Oracle nowAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-10-06Purge cvs tags.Jesse Adkins
Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2010-05-26Fix off by one error in SmsGenerateClientID when uuid_create is usedAlexander Kabaev
Fix apparent typo in SmsGenerateClientID which always leaves the first byte of allocated id string uninitialized. If that byte happens to be 0, SmsGenerateClientId appears to return an empty string to the caller, instead of proper GUID in text form. Reviewed-by: James CLoos <cloos@jhcloos.com> Signed-off-by: Adam Jackson <ajax@redhat.com>
2010-01-14Update Sun license notices to current X.Org standard formAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
2009-11-16Revert "Fix memory leak for SM_DeleteProperties"Alan Coopersmith
This reverts commit 58aa8879e10b12e478ab14b90afd1001b4abd316. Fixes gnome-session crashes due to double frees, as reported in http://bugs.freedesktop.org/show_bug.cgi?id=24964
2009-10-14Fix memory leak for SM_DeletePropertiesMichael Jansen
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
2009-10-09Migrate to xorg macros 1.3 & XORG_DEFAULT_OPTIONSAlan Coopersmith
Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
2009-08-07libSM 1.1.1, update libtool versionlibSM-1.1.1Rémi Cardona
2009-08-03Use FreeBSD uuid functions when available.Diego Elio 'Flameeyes' Pettenò
If the system provide the uuid_create function assume building on FreeBSD or another OS with a compatible uuid interface. If that's the case, ignore libuuid and just use the system functions without extra deps.
2009-01-28Janitor: ansification, make distcheck, compiler warnings.Paulo Cesar Pereira de Andrade
2008-11-29avoid gcc warnings for libSMPaulo Cesar Pereira de Andrade
Patch from http://bugs.freedesktop.org/show_bug.cgi?id=17968 adapted to current sources. This corrects a potential (hypothetical) segmentation fault.
2008-10-17Bug #17644: Fix valgrind warning in _SmcProcessMessageCaolan McNamara
2008-07-02Avoid memcpy(foo, NULL, n), that's just nonsense.Adam Jackson
2008-06-24Bug #14949: Don't use gethostbyname() for client IDs.Dan Williams
gethostbyname() will hit the network, which leads to DNS timeouts, which leads to fail. Just use UUIDs.
2007-05-13Another tiny char* vs const char* fix.Tilman Sauerbeck
2007-05-13Revert "Don't reinvent the wheel and just use strdup()."Tilman Sauerbeck
This reverts commit 57ea148fdbf047a012b361acdc7954e70679dad3.
2007-05-13Removed some global writable variables.Tilman Sauerbeck
2007-05-13Don't reinvent the wheel and just use strdup().Tilman Sauerbeck
2007-05-13Fixed some const vs non-const mix ups.Tilman Sauerbeck
2007-05-13Sanitized hex string conversion in SmsGenerateClientID().Tilman Sauerbeck
This reduces the size of the DSO by almost 4K and gets rid of 255 relocations on load.
2006-07-13renamed: .cvsignore -> .gitignoreAlan Coopersmith
2006-06-26From Patch #6046 <https://bugs.freedesktop.org/attachment.cgi?id=6046>Alan Coopersmith
freeaddrinfo() in error handling return (Peter Breitenlohner)
2006-03-17Specs say SmsInitialize & SmcOpenConnection return NULL terminated stringsXORG-7_0_99_901Alan Coopersmith
in errorStringRet, but were just calling strncpy and not making sure strings were NULL terminated if errorLength wasn't long enough. (Noticed while evaluating Coverity ids 196 & 201.)
2005-11-08See ChangeLog entry 2005-11-07 for details.XORG-6_8_99_903XORG-6_8_99_902Kean Johnson
2005-07-16Set soversion to 6.0.0 using -version-number.Daniel Stone
2005-07-13Eliminate xtrans CFLAGS from .pc file as xtrans is not part of the publicKeith Packard
API.
2005-07-09Add .cvsignore filesKeith Packard
2005-06-09Replace <X11/Xtrans.h> with <X11/Xtrans/Xtrans.h>XORG-6_8_99_901XORG-6_8_99_900XORG-6_8_99_16XORG-6_8_99_15XORG-6_8_99_14XORG-6_8_99_13XORG-6_8_99_12XORG-6_8_99_11Alexander Gottwald
Copy Xtrans.h to exports/include/X11/Xtrans only
2005-05-17- Conditionally include config.h in xc/lib/SMXORG-6_8_99_9XORG-6_8_99_8XORG-6_8_99_10Søren Sandmann Pedersen
- Add libSM to symlink.sh - Add SM build system
2005-04-03Bug #1447: Fix a use-after-free case in libSM. (Mark McLoughlin)sco_port_update-baseXORG-6_8_99_7XORG-6_8_99_6XORG-6_8_99_5XORG-6_8_99_4XORG-6_8_99_3XORG-6_8_99_2Adam Jackson