From ccdef1a8a5b6956a3fb7115d634db213433dca75 Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Sun, 3 Jul 2022 17:57:11 -0400 Subject: Allow full paths to sockets on non-macOS When combined with xorg/lib/libxtrans!7, this allows CVE-2020-25697 to be mitigated by placing the AF_UNIX socket in a secure directory on the filesystem. This enables HAVE_LAUNCHD unconditionally and deletes the configure switch. Signed-off-by: Demi Marie Obenour --- configure.ac | 10 ---------- src/xcb_util.c | 22 +++++++++------------- 2 files changed, 9 insertions(+), 23 deletions(-) diff --git a/configure.ac b/configure.ac index 3d81a6b..e4a0376 100644 --- a/configure.ac +++ b/configure.ac @@ -247,16 +247,6 @@ XCB_EXTENSION(XTest, yes) XCB_EXTENSION(Xv, yes) XCB_EXTENSION(XvMC, yes) -AC_ARG_WITH(launchd, AS_HELP_STRING([--with-launchd], [Build with support for Apple's launchd (default: auto)]), [LAUNCHD=$withval], [LAUNCHD=auto]) -if test "x$LAUNCHD" = xauto; then - unset LAUNCHD - AC_CHECK_PROG(LAUNCHD, [launchd], [yes], [no], [$PATH$PATH_SEPARATOR/sbin]) -fi - -if test "x$LAUNCHD" = xyes ; then - AC_DEFINE(HAVE_LAUNCHD, 1, [launchd support available]) -fi - AC_ARG_WITH(serverside-support, AS_HELP_STRING([--with-serverside-support], [Build with support for server-side usage of xcb. This is still EXPERIMENTAL! ABI/API may change! (default: no)]), [XCB_SERVERSIDE_SUPPORT=$withval], [XCB_SERVERSIDE_SUPPORT=no]) AM_CONDITIONAL(XCB_SERVERSIDE_SUPPORT, test "x$XCB_SERVERSIDE_SUPPORT" = "xyes") diff --git a/src/xcb_util.c b/src/xcb_util.c index 30bcf79..7a71efe 100644 --- a/src/xcb_util.c +++ b/src/xcb_util.c @@ -60,9 +60,7 @@ # include #endif -#ifdef HAVE_LAUNCHD #include -#endif int xcb_popcount(uint32_t mask) { @@ -82,7 +80,6 @@ int xcb_sumof(uint8_t *list, int len) return s; } -#ifdef HAVE_LAUNCHD /* Return true and parse if name matches [.] * Upon success: * host = 
@@ -95,9 +92,15 @@ static int _xcb_parse_display_path_to_socket(const char *name, char **host, char { struct stat sbuf; char path[PATH_MAX]; + size_t len; int _screen = 0; - strlcpy(path, name, sizeof(path)); + if (name[0] != '/') + return 0; + len = strlen(name); + if (len >= sizeof(path)) + return 0; + memcpy(path, name, len + 1); if (0 != stat(path, &sbuf)) { char *dot = strrchr(path, '.'); if (!dot) @@ -133,7 +136,6 @@ static int _xcb_parse_display_path_to_socket(const char *name, char **host, char return 1; } -#endif static int _xcb_parse_display(const char *name, char **host, char **protocol, int *displayp, int *screenp) @@ -146,11 +148,9 @@ static int _xcb_parse_display(const char *name, char **host, char **protocol, if(!name) return 0; -#ifdef HAVE_LAUNCHD /* First check for [.] */ if (_xcb_parse_display_path_to_socket(name, host, protocol, displayp, screenp)) return 1; -#endif slash = strrchr(name, '/'); @@ -235,6 +235,7 @@ static int _xcb_open(const char *host, char *protocol, const int display) size_t filelen; char *file = NULL; int actual_filelen; + struct stat sbuf; /* If protocol or host is "unix", fall through to Unix socket code below */ if ((!protocol || (strcmp("unix",protocol) != 0)) && @@ -250,7 +251,6 @@ static int _xcb_open(const char *host, char *protocol, const int display) /* Check special path for Unix sockets under Solaris Trusted Extensions */ if (is_system_labeled()) { - struct stat sbuf; const char *tsol_base = "/var/tsol/doors/.X11-unix/X"; char tsol_socket[PATH_MAX]; @@ -261,16 +261,12 @@ static int _xcb_open(const char *host, char *protocol, const int display) } #endif -#ifdef HAVE_LAUNCHD - struct stat sbuf; if (0 == stat(host, &sbuf)) { file = strdup(host); if(file == NULL) return -1; filelen = actual_filelen = strlen(file); - } else -#endif - { + } else { filelen = strlen(base) + 1 + sizeof(display) * 3 + 1; file = malloc(filelen); if(file == NULL) -- cgit v1.2.3
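Review bot: The new `if (name[0] != '/') return 0;` guard in `_xcb_parse_display_path_to_socket` narrows the function's contract without a comment, and the header comment above the function (in the preceding hunk) still describes it as matching any path. A relative name would be resolved by `stat()` against the process's working directory, which is presumably why it is rejected; saying so keeps the check from being relaxed later. I would add above the guard `/* Only absolute paths name a socket; a relative one would resolve against the current directory. */` and note in the header comment that over-long names (`len >= sizeof(path)`) are now refused rather than truncated as `strlcpy` did. The function body continues outside this hunk.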
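Review bot: In `_xcb_open` (hunk `@@ -261,16 +261,12 @@`), the now-unconditional `stat(host, &sbuf)` accepts any existing filesystem entry, including a relative one, whereas the parser changed in this same commit only accepts names starting with `/`. The comment at the top of the function says a protocol or host of "unix" falls through to this code, so a host string that is not a socket path may reach the `stat()` and, if an entry of that name exists in the working directory, be used as the socket file instead of the path built from `base`; this was previously confined to HAVE_LAUNCHD builds. Requiring an absolute path and a socket here would match the parser: `if (host[0] == '/' && 0 == stat(host, &sbuf) && S_ISSOCK(sbuf.st_mode)) {`. This assumes `host` is never NULL at this point, which the hunk does not show; the rest of `_xcb_open` lies outside the hunk.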