summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDemi Marie Obenour <demiobenour@gmail.com>2022-07-03 17:57:11 -0400
committerDemi Marie Obenour <demiobenour@gmail.com>2023-03-25 13:15:08 -0400
commitccdef1a8a5b6956a3fb7115d634db213433dca75 (patch)
tree212950dbd5ef9f2b902c0248aefded0a3044ad22
parent18e109d755c5ce18157fdabb6de8ee6845b348ff (diff)
Allow full paths to sockets on non-macOS
When combined with xorg/lib/libxtrans!7, this allows CVE-2020-25697 to be mitigated by placing the AF_UNIX socket in a secure directory on the filesystem. This enables HAVE_LAUNCHD unconditionally and deletes the configure switch. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
-rw-r--r--configure.ac10
-rw-r--r--src/xcb_util.c22
2 files changed, 9 insertions, 23 deletions
diff --git a/configure.ac b/configure.ac
index 3d81a6b..e4a0376 100644
--- a/configure.ac
+++ b/configure.ac
@@ -247,16 +247,6 @@ XCB_EXTENSION(XTest, yes)
XCB_EXTENSION(Xv, yes)
XCB_EXTENSION(XvMC, yes)
-AC_ARG_WITH(launchd, AS_HELP_STRING([--with-launchd], [Build with support for Apple's launchd (default: auto)]), [LAUNCHD=$withval], [LAUNCHD=auto])
-if test "x$LAUNCHD" = xauto; then
- unset LAUNCHD
- AC_CHECK_PROG(LAUNCHD, [launchd], [yes], [no], [$PATH$PATH_SEPARATOR/sbin])
-fi
-
-if test "x$LAUNCHD" = xyes ; then
- AC_DEFINE(HAVE_LAUNCHD, 1, [launchd support available])
-fi
-
AC_ARG_WITH(serverside-support, AS_HELP_STRING([--with-serverside-support], [Build with support for server-side usage of xcb. This is still EXPERIMENTAL! ABI/API may change! (default: no)]), [XCB_SERVERSIDE_SUPPORT=$withval], [XCB_SERVERSIDE_SUPPORT=no])
AM_CONDITIONAL(XCB_SERVERSIDE_SUPPORT, test "x$XCB_SERVERSIDE_SUPPORT" = "xyes")
diff --git a/src/xcb_util.c b/src/xcb_util.c
index 30bcf79..7a71efe 100644
--- a/src/xcb_util.c
+++ b/src/xcb_util.c
@@ -60,9 +60,7 @@
# include <sys/stat.h>
#endif
-#ifdef HAVE_LAUNCHD
#include <sys/stat.h>
-#endif
int xcb_popcount(uint32_t mask)
{
@@ -82,7 +80,6 @@ int xcb_sumof(uint8_t *list, int len)
return s;
}
-#ifdef HAVE_LAUNCHD
/* Return true and parse if name matches <path to socket>[.<screen>]
* Upon success:
* host = <path to socket>
@@ -95,9 +92,15 @@ static int _xcb_parse_display_path_to_socket(const char *name, char **host, char
{
struct stat sbuf;
char path[PATH_MAX];
+ size_t len;
int _screen = 0;
- strlcpy(path, name, sizeof(path));
+ if (name[0] != '/')
+ return 0;
+ len = strlen(name);
+ if (len >= sizeof(path))
+ return 0;
+ memcpy(path, name, len + 1);
if (0 != stat(path, &sbuf)) {
char *dot = strrchr(path, '.');
if (!dot)
@@ -133,7 +136,6 @@ static int _xcb_parse_display_path_to_socket(const char *name, char **host, char
return 1;
}
-#endif
static int _xcb_parse_display(const char *name, char **host, char **protocol,
int *displayp, int *screenp)
@@ -146,11 +148,9 @@ static int _xcb_parse_display(const char *name, char **host, char **protocol,
if(!name)
return 0;
-#ifdef HAVE_LAUNCHD
/* First check for <path to socket>[.<screen>] */
if (_xcb_parse_display_path_to_socket(name, host, protocol, displayp, screenp))
return 1;
-#endif
slash = strrchr(name, '/');
@@ -235,6 +235,7 @@ static int _xcb_open(const char *host, char *protocol, const int display)
size_t filelen;
char *file = NULL;
int actual_filelen;
+ struct stat sbuf;
/* If protocol or host is "unix", fall through to Unix socket code below */
if ((!protocol || (strcmp("unix",protocol) != 0)) &&
@@ -250,7 +251,6 @@ static int _xcb_open(const char *host, char *protocol, const int display)
/* Check special path for Unix sockets under Solaris Trusted Extensions */
if (is_system_labeled())
{
- struct stat sbuf;
const char *tsol_base = "/var/tsol/doors/.X11-unix/X";
char tsol_socket[PATH_MAX];
@@ -261,16 +261,12 @@ static int _xcb_open(const char *host, char *protocol, const int display)
}
#endif
-#ifdef HAVE_LAUNCHD
- struct stat sbuf;
if (0 == stat(host, &sbuf)) {
file = strdup(host);
if(file == NULL)
return -1;
filelen = actual_filelen = strlen(file);
- } else
-#endif
- {
+ } else {
filelen = strlen(base) + 1 + sizeof(display) * 3 + 1;
file = malloc(filelen);
if(file == NULL)