summaryrefslogtreecommitdiff
path: root/Xtranssock.c
diff options
context:
space:
mode:
authorDemi Marie Obenour <demiobenour@gmail.com>2020-12-17 03:28:45 +0000
committerAlan Coopersmith <alan.coopersmith@oracle.com>2023-03-19 18:07:21 +0000
commite24adec1203cd25423ab2835a5be4f6b828b72a5 (patch)
tree94d5952a7477581a7ccdbb4cf402f0e2a7b15a19 /Xtranssock.c
parent9d77996f9f972da63c06099fd8c0f0529159b98f (diff)
Remove client-side abstract socket support
CVE-2020-25697 and the Flatpak documentation show that clients using abstract sockets without mutual authentication is unsafe. TRANS_ABSTRACT remains supported, but it is now a no-op on the client side. Abstract sockets are still supported for servers, as the X server authenticates the client via other methods. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Diffstat (limited to 'Xtranssock.c')
-rw-r--r--Xtranssock.c33
1 files changed, 3 insertions, 30 deletions
diff --git a/Xtranssock.c b/Xtranssock.c
index 99c0f1f..9482ecf 100644
--- a/Xtranssock.c
+++ b/Xtranssock.c
@@ -141,7 +141,7 @@ from the copyright holders.
/* others don't need this */
#define SocketInitOnce() /**/
-#ifdef linux
+#ifdef __linux__
#define HAVE_ABSTRACT_SOCKETS
#endif
@@ -1839,12 +1839,6 @@ TRANS(SocketUNIXConnect) (XtransConnInfo ciptr,
struct sockaddr_un sockname;
SOCKLEN_T namelen;
-
- int abstract = 0;
-#ifdef HAVE_ABSTRACT_SOCKETS
- abstract = ciptr->transptr->flags & TRANS_ABSTRACT;
-#endif
-
prmsg (2,"SocketUNIXConnect(%d,%s,%s)\n", ciptr->fd, host, port);
/*
@@ -1880,7 +1874,7 @@ TRANS(SocketUNIXConnect) (XtransConnInfo ciptr,
sockname.sun_family = AF_UNIX;
- if (set_sun_path(port, UNIX_PATH, sockname.sun_path, abstract) != 0) {
+ if (set_sun_path(port, UNIX_PATH, sockname.sun_path, 0) != 0) {
prmsg (1, "SocketUNIXConnect: path too long\n");
return TRANS_CONNECT_FAILED;
}
@@ -1896,16 +1890,6 @@ TRANS(SocketUNIXConnect) (XtransConnInfo ciptr,
#endif
-
- /*
- * Adjust the socket path if using abstract sockets.
- * Done here because otherwise all the strlen() calls above would fail.
- */
-
- if (abstract) {
- sockname.sun_path[0] = '\0';
- }
-
/*
* Do the connect()
*/
@@ -1939,15 +1923,7 @@ TRANS(SocketUNIXConnect) (XtransConnInfo ciptr,
return TRANS_IN_PROGRESS;
else if (olderrno == EINTR)
return TRANS_TRY_CONNECT_AGAIN;
- else if (olderrno == ENOENT || olderrno == ECONNREFUSED) {
- /* If opening as abstract socket failed, try again normally */
- if (abstract) {
- ciptr->transptr->flags &= ~(TRANS_ABSTRACT);
- return TRANS_TRY_CONNECT_AGAIN;
- } else {
- return TRANS_CONNECT_FAILED;
- }
- } else {
+ else {
prmsg (2,"SocketUNIXConnect: Can't connect: errno = %d\n",
EGET());
@@ -1969,9 +1945,6 @@ TRANS(SocketUNIXConnect) (XtransConnInfo ciptr,
return TRANS_CONNECT_FAILED;
}
- if (abstract)
- sockname.sun_path[0] = '@';
-
ciptr->family = AF_UNIX;
ciptr->addrlen = namelen;
ciptr->peeraddrlen = namelen;