From 25503efe878996f9c94dae5ee9f22558360c9768 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Sat, 20 Oct 2018 19:25:33 +0000 Subject: Update to libSM 1.2.3 --- lib/libSM/ChangeLog | 136 +++++++++++++++++++ lib/libSM/aclocal.m4 | 64 ++++++--- lib/libSM/compile | 2 +- lib/libSM/configure | 99 ++++++++++---- lib/libSM/configure.ac | 2 +- lib/libSM/doc/SMlib.xml | 4 +- lib/libSM/src/Makefile.am | 3 +- lib/libSM/src/Makefile.in | 5 +- lib/libSM/src/SMlibint.h | 74 ----------- lib/libSM/src/sm_genid.c | 1 + lib/libSM/src/sm_process.c | 318 ++++++++++++++++++++++++++++++++------------- 11 files changed, 490 insertions(+), 218 deletions(-) (limited to 'lib') diff --git a/lib/libSM/ChangeLog b/lib/libSM/ChangeLog index f9aca97b1..45b1ffb3a 100644 --- a/lib/libSM/ChangeLog +++ b/lib/libSM/ChangeLog @@ -1,3 +1,139 @@ +commit a52c79544fcd6b5e2242b9122dfaa34be07aebb2 +Author: Matthieu Herrb +Date: Sun Sep 30 11:03:41 2018 +0200 + + libSM 1.2.3 + + Signed-off-by: Matthieu Herrb + +commit d86106f2369ecf81155decaa360f9162c0c3cd53 +Author: Tobias Stoeckmann +Date: Wed Aug 15 21:21:09 2018 +0200 + + Fixed out ouf boundary accesses. + + Out of boundary accesses can occur while processing messages. This + affects clients and the session server. + + Generally, the code tries to prevent out of boundary accesses. It + initially "skips" over the memory areas by parsing supplied lengths. + Then, it checks if it skipped over the memory boundary. If not, then + data is actually read and memory allocated, etc. + + The problem is that while initially skipping over the memory, + subsequent lengths are already parsed, i.e. accessed. This results in + out of boundary reads on hostile messages. + + Lengths could also overflow on 32 bit systems, leading to out of + boundary writes if not enough bytes have been allocated. + + Authentication is handled by libICE, which is not affected, because the + macros for skipping already take care about memory boundaries. + + Therefore, this flaw can only be used by authenticated clients or by + hostile servers (which could simply accept every MIT cookie). Most + session managers only use Unix sockets, so in many cases it takes a + local authenticated user. + + In order to fix this, I decided to move the macros from SMlibint.h to + its only callers in sm_process.c, turning them into functions for much + easier error handling and readability. + + Instead of skipping over the memory, validation happens during actual + read and memory allocation operations, as it's rather unlikely to + encounter hostile code anyway, i.e. my code has more error cleanup + handling in it. + + Signed-off-by: Tobias Stoeckmann + Reviewed-by: Matthieu Herrb + +commit 75ffafb4e04661fb890a9e8088b743cb077050a6 +Author: Fab +Date: Sat Oct 7 14:23:52 2017 +0000 + + Fix callbacks signatures in libSM documentation + + https://bugs.freedesktop.org/show_bug.cgi?id=103135 + + Reviewed-by: Alan Coopersmith + Signed-off-by: Alan Coopersmith + +commit b347e9f8ef3ae027c049741ab5c0c8dac45c9eb2 +Author: Mihail Konev +Date: Thu Jan 26 13:52:49 2017 +1000 + + autogen: add default patch prefix + + Signed-off-by: Mihail Konev + +commit d34f694e810d11f95cd61e4209cd6e38f70bce58 +Author: Emil Velikov +Date: Mon Mar 9 12:00:52 2015 +0000 + + autogen.sh: use quoted string variables + + Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent + fall-outs, when they contain space. + + Signed-off-by: Emil Velikov + Reviewed-by: Peter Hutterer + Signed-off-by: Peter Hutterer + +commit e27964e499f31f48782a6db7421660a230471b2c +Author: Peter Hutterer +Date: Tue Jan 24 10:32:07 2017 +1000 + + autogen.sh: use exec instead of waiting for configure to finish + + Syncs the invocation of configure with the one from the server. + + Signed-off-by: Peter Hutterer + Reviewed-by: Emil Velikov + +commit b64aa0ef375f2df3ce166733fe92429ba43b6145 +Author: Matthieu Herrb +Date: Tue Oct 20 14:48:52 2015 -0400 + + Get rid of strcpy() in the HAVE_UUID_CREATE case + + Even though this use was safe, some linkers produce a warning + when strcpy() is used, and this is the only use in libSM. + + Reviewed-by: Alan Coopersmith + +commit 0bf5d26d1d55029846514758f2ffd80e816bd9fb +Author: Matthieu Herrb +Date: Tue Oct 20 14:47:50 2015 -0400 + + Fix uuid_to_string(3) type + + It should be char *. + + Reviewed-by: Adam Jackson + +commit 29ea6247434a85934986e7d4fc60862231c5d77d +Author: Jon TURNEY +Date: Sat Sep 13 19:38:12 2014 +0100 + + Include unistd.h for getpid() + + Signed-off-by: Jon TURNEY + Reviewed-by: David Macek + +commit f2dd6934c38414bc448ee49b47604f135f5487ea +Author: Alan Coopersmith +Date: Sat Nov 16 19:35:15 2013 -0800 + + Stop compiling empty sm_auth.c stub + + File exists as a placeholder in case someone someday decides to add + additional auth methods on top of what libICE provides, but it's been + two decades and no one has, so stop spending time compiling & linking + for now. + + Signed-off-by: Alan Coopersmith + Reviewed-by: Adam Jackson + commit 0fd7aa17da41779129a3acfdad28e07c0072a160 Author: Alan Coopersmith Date: Sat Sep 7 23:05:16 2013 -0700 diff --git a/lib/libSM/aclocal.m4 b/lib/libSM/aclocal.m4 index fe155db4d..88e2462b6 100644 --- a/lib/libSM/aclocal.m4 +++ b/lib/libSM/aclocal.m4 @@ -9829,7 +9829,7 @@ AC_SUBST([am__untar]) dnl xorg-macros.m4. Generated from xorg-macros.m4.in xorgversion.m4 by configure. dnl -dnl Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved. +dnl Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. dnl dnl Permission is hereby granted, free of charge, to any person obtaining a dnl copy of this software and associated documentation files (the "Software"), @@ -9866,7 +9866,7 @@ dnl DEALINGS IN THE SOFTWARE. # See the "minimum version" comment for each macro you use to see what # version you require. m4_defun([XORG_MACROS_VERSION],[ -m4_define([vers_have], [1.19.0]) +m4_define([vers_have], [1.19.2]) m4_define([maj_have], m4_substr(vers_have, 0, m4_index(vers_have, [.]))) m4_define([maj_needed], m4_substr([$1], 0, m4_index([$1], [.]))) m4_if(m4_cmp(maj_have, maj_needed), 0,, @@ -9944,6 +9944,17 @@ AC_DEFUN([XORG_MANPAGE_SECTIONS],[ AC_REQUIRE([AC_CANONICAL_HOST]) AC_REQUIRE([AC_PROG_SED]) +case $host_os in + solaris*) + # Solaris 2.0 - 11.3 use SysV man page section numbers, so we + # check for a man page file found in later versions that use + # traditional section numbers instead + AC_CHECK_FILE([/usr/share/man/man7/attributes.7], + [SYSV_MAN_SECTIONS=false], [SYSV_MAN_SECTIONS=true]) + ;; + *) SYSV_MAN_SECTIONS=false ;; +esac + if test x$APP_MAN_SUFFIX = x ; then APP_MAN_SUFFIX=1 fi @@ -9959,9 +9970,9 @@ if test x$LIB_MAN_DIR = x ; then fi if test x$FILE_MAN_SUFFIX = x ; then - case $host_os in - solaris*) FILE_MAN_SUFFIX=4 ;; - *) FILE_MAN_SUFFIX=5 ;; + case $SYSV_MAN_SECTIONS in + true) FILE_MAN_SUFFIX=4 ;; + *) FILE_MAN_SUFFIX=5 ;; esac fi if test x$FILE_MAN_DIR = x ; then @@ -9969,9 +9980,9 @@ if test x$FILE_MAN_DIR = x ; then fi if test x$MISC_MAN_SUFFIX = x ; then - case $host_os in - solaris*) MISC_MAN_SUFFIX=5 ;; - *) MISC_MAN_SUFFIX=7 ;; + case $SYSV_MAN_SECTIONS in + true) MISC_MAN_SUFFIX=5 ;; + *) MISC_MAN_SUFFIX=7 ;; esac fi if test x$MISC_MAN_DIR = x ; then @@ -9979,9 +9990,9 @@ if test x$MISC_MAN_DIR = x ; then fi if test x$DRIVER_MAN_SUFFIX = x ; then - case $host_os in - solaris*) DRIVER_MAN_SUFFIX=7 ;; - *) DRIVER_MAN_SUFFIX=4 ;; + case $SYSV_MAN_SECTIONS in + true) DRIVER_MAN_SUFFIX=7 ;; + *) DRIVER_MAN_SUFFIX=4 ;; esac fi if test x$DRIVER_MAN_DIR = x ; then @@ -9989,9 +10000,9 @@ if test x$DRIVER_MAN_DIR = x ; then fi if test x$ADMIN_MAN_SUFFIX = x ; then - case $host_os in - solaris*) ADMIN_MAN_SUFFIX=1m ;; - *) ADMIN_MAN_SUFFIX=8 ;; + case $SYSV_MAN_SECTIONS in + true) ADMIN_MAN_SUFFIX=1m ;; + *) ADMIN_MAN_SUFFIX=8 ;; esac fi if test x$ADMIN_MAN_DIR = x ; then @@ -10252,13 +10263,24 @@ m4_ifval([$1], fi]) # Test for the ability of xmlto to generate a text target +# +# NOTE: xmlto 0.0.27 or higher return a non-zero return code in the +# following test for empty XML docbook files. +# For compatibility reasons use the following empty XML docbook file and if +# it fails try it again with a non-empty XML file. have_xmlto_text=no cat > conftest.xml << "EOF" EOF AS_IF([test "$have_xmlto" = yes], [AS_IF([$XMLTO --skip-validation txt conftest.xml >/dev/null 2>&1], [have_xmlto_text=yes], - [AC_MSG_WARN([xmlto cannot generate text format, this format skipped])])]) + [# Try it again with a non-empty XML file. + cat > conftest.xml << "EOF" + +EOF + AS_IF([$XMLTO --skip-validation txt conftest.xml >/dev/null 2>&1], + [have_xmlto_text=yes], + [AC_MSG_WARN([xmlto cannot generate text format, this format skipped])])])]) rm -f conftest.xml AM_CONDITIONAL([HAVE_XMLTO_TEXT], [test $have_xmlto_text = yes]) AM_CONDITIONAL([HAVE_XMLTO], [test "$have_xmlto" = yes]) @@ -11654,8 +11676,9 @@ AC_REQUIRE([PKG_PROG_PKG_CONFIG]) macros_datadir=`$PKG_CONFIG --print-errors --variable=pkgdatadir xorg-macros` INSTALL_CMD="(cp -f "$macros_datadir/INSTALL" \$(top_srcdir)/.INSTALL.tmp && \ mv \$(top_srcdir)/.INSTALL.tmp \$(top_srcdir)/INSTALL) \ -|| (rm -f \$(top_srcdir)/.INSTALL.tmp; touch \$(top_srcdir)/INSTALL; \ -echo 'util-macros \"pkgdatadir\" from xorg-macros.pc not found: installing possibly empty INSTALL.' >&2)" +|| (rm -f \$(top_srcdir)/.INSTALL.tmp; test -e \$(top_srcdir)/INSTALL || ( \ +touch \$(top_srcdir)/INSTALL; \ +echo 'failed to copy INSTALL from util-macros: installing empty INSTALL.' >&2))" AC_SUBST([INSTALL_CMD]) ]) # XORG_INSTALL dnl Copyright 2005 Red Hat, Inc @@ -11716,10 +11739,11 @@ AC_DEFUN([XORG_RELEASE_VERSION],[ # # AC_DEFUN([XORG_CHANGELOG], [ -CHANGELOG_CMD="(GIT_DIR=\$(top_srcdir)/.git git log > \$(top_srcdir)/.changelog.tmp && \ +CHANGELOG_CMD="((GIT_DIR=\$(top_srcdir)/.git git log > \$(top_srcdir)/.changelog.tmp) 2>/dev/null && \ mv \$(top_srcdir)/.changelog.tmp \$(top_srcdir)/ChangeLog) \ -|| (rm -f \$(top_srcdir)/.changelog.tmp; touch \$(top_srcdir)/ChangeLog; \ -echo 'git directory not found: installing possibly empty changelog.' >&2)" +|| (rm -f \$(top_srcdir)/.changelog.tmp; test -e \$(top_srcdir)/ChangeLog || ( \ +touch \$(top_srcdir)/ChangeLog; \ +echo 'git failed to create ChangeLog: installing empty ChangeLog.' >&2))" AC_SUBST([CHANGELOG_CMD]) ]) # XORG_CHANGELOG diff --git a/lib/libSM/compile b/lib/libSM/compile index 531136b06..a85b723c7 100644 --- a/lib/libSM/compile +++ b/lib/libSM/compile @@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify diff --git a/lib/libSM/configure b/lib/libSM/configure index 88cacdca6..87214149b 100644 --- a/lib/libSM/configure +++ b/lib/libSM/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libSM 1.2.2. +# Generated by GNU Autoconf 2.69 for libSM 1.2.3. # # Report bugs to . # @@ -651,8 +651,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libSM' PACKAGE_TARNAME='libSM' -PACKAGE_VERSION='1.2.2' -PACKAGE_STRING='libSM 1.2.2' +PACKAGE_VERSION='1.2.3' +PACKAGE_STRING='libSM 1.2.3' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=xorg' PACKAGE_URL='' @@ -1442,7 +1442,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libSM 1.2.2 to adapt to many kinds of systems. +\`configure' configures libSM 1.2.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1512,7 +1512,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libSM 1.2.2:";; + short | recursive ) echo "Configuration of libSM 1.2.3:";; esac cat <<\_ACEOF @@ -1652,7 +1652,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libSM configure 1.2.2 +libSM configure 1.2.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2087,7 +2087,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libSM $as_me 1.2.2, which was +It was created by libSM $as_me 1.2.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2916,7 +2916,7 @@ fi # Define the identity of the package. PACKAGE='libSM' - VERSION='1.2.2' + VERSION='1.2.3' cat >>confdefs.h <<_ACEOF @@ -17602,10 +17602,11 @@ _ACEOF -CHANGELOG_CMD="(GIT_DIR=\$(top_srcdir)/.git git log > \$(top_srcdir)/.changelog.tmp && \ +CHANGELOG_CMD="((GIT_DIR=\$(top_srcdir)/.git git log > \$(top_srcdir)/.changelog.tmp) 2>/dev/null && \ mv \$(top_srcdir)/.changelog.tmp \$(top_srcdir)/ChangeLog) \ -|| (rm -f \$(top_srcdir)/.changelog.tmp; touch \$(top_srcdir)/ChangeLog; \ -echo 'git directory not found: installing possibly empty changelog.' >&2)" +|| (rm -f \$(top_srcdir)/.changelog.tmp; test -e \$(top_srcdir)/ChangeLog || ( \ +touch \$(top_srcdir)/ChangeLog; \ +echo 'git failed to create ChangeLog: installing empty ChangeLog.' >&2))" @@ -17613,14 +17614,45 @@ echo 'git directory not found: installing possibly empty changelog.' >&2)" macros_datadir=`$PKG_CONFIG --print-errors --variable=pkgdatadir xorg-macros` INSTALL_CMD="(cp -f "$macros_datadir/INSTALL" \$(top_srcdir)/.INSTALL.tmp && \ mv \$(top_srcdir)/.INSTALL.tmp \$(top_srcdir)/INSTALL) \ -|| (rm -f \$(top_srcdir)/.INSTALL.tmp; touch \$(top_srcdir)/INSTALL; \ -echo 'util-macros \"pkgdatadir\" from xorg-macros.pc not found: installing possibly empty INSTALL.' >&2)" +|| (rm -f \$(top_srcdir)/.INSTALL.tmp; test -e \$(top_srcdir)/INSTALL || ( \ +touch \$(top_srcdir)/INSTALL; \ +echo 'failed to copy INSTALL from util-macros: installing empty INSTALL.' >&2))" +case $host_os in + solaris*) + # Solaris 2.0 - 11.3 use SysV man page section numbers, so we + # check for a man page file found in later versions that use + # traditional section numbers instead + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /usr/share/man/man7/attributes.7" >&5 +$as_echo_n "checking for /usr/share/man/man7/attributes.7... " >&6; } +if ${ac_cv_file__usr_share_man_man7_attributes_7+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/usr/share/man/man7/attributes.7"; then + ac_cv_file__usr_share_man_man7_attributes_7=yes +else + ac_cv_file__usr_share_man_man7_attributes_7=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__usr_share_man_man7_attributes_7" >&5 +$as_echo "$ac_cv_file__usr_share_man_man7_attributes_7" >&6; } +if test "x$ac_cv_file__usr_share_man_man7_attributes_7" = xyes; then : + SYSV_MAN_SECTIONS=false +else + SYSV_MAN_SECTIONS=true +fi + + ;; + *) SYSV_MAN_SECTIONS=false ;; +esac + if test x$APP_MAN_SUFFIX = x ; then APP_MAN_SUFFIX=1 fi @@ -17636,9 +17668,9 @@ if test x$LIB_MAN_DIR = x ; then fi if test x$FILE_MAN_SUFFIX = x ; then - case $host_os in - solaris*) FILE_MAN_SUFFIX=4 ;; - *) FILE_MAN_SUFFIX=5 ;; + case $SYSV_MAN_SECTIONS in + true) FILE_MAN_SUFFIX=4 ;; + *) FILE_MAN_SUFFIX=5 ;; esac fi if test x$FILE_MAN_DIR = x ; then @@ -17646,9 +17678,9 @@ if test x$FILE_MAN_DIR = x ; then fi if test x$MISC_MAN_SUFFIX = x ; then - case $host_os in - solaris*) MISC_MAN_SUFFIX=5 ;; - *) MISC_MAN_SUFFIX=7 ;; + case $SYSV_MAN_SECTIONS in + true) MISC_MAN_SUFFIX=5 ;; + *) MISC_MAN_SUFFIX=7 ;; esac fi if test x$MISC_MAN_DIR = x ; then @@ -17656,9 +17688,9 @@ if test x$MISC_MAN_DIR = x ; then fi if test x$DRIVER_MAN_SUFFIX = x ; then - case $host_os in - solaris*) DRIVER_MAN_SUFFIX=7 ;; - *) DRIVER_MAN_SUFFIX=4 ;; + case $SYSV_MAN_SECTIONS in + true) DRIVER_MAN_SUFFIX=7 ;; + *) DRIVER_MAN_SUFFIX=4 ;; esac fi if test x$DRIVER_MAN_DIR = x ; then @@ -17666,9 +17698,9 @@ if test x$DRIVER_MAN_DIR = x ; then fi if test x$ADMIN_MAN_SUFFIX = x ; then - case $host_os in - solaris*) ADMIN_MAN_SUFFIX=1m ;; - *) ADMIN_MAN_SUFFIX=8 ;; + case $SYSV_MAN_SECTIONS in + true) ADMIN_MAN_SUFFIX=1m ;; + *) ADMIN_MAN_SUFFIX=8 ;; esac fi if test x$ADMIN_MAN_DIR = x ; then @@ -17916,17 +17948,30 @@ esac fi # Test for the ability of xmlto to generate a text target +# +# NOTE: xmlto 0.0.27 or higher return a non-zero return code in the +# following test for empty XML docbook files. +# For compatibility reasons use the following empty XML docbook file and if +# it fails try it again with a non-empty XML file. have_xmlto_text=no cat > conftest.xml << "EOF" EOF if test "$have_xmlto" = yes; then : if $XMLTO --skip-validation txt conftest.xml >/dev/null 2>&1; then : have_xmlto_text=yes +else + # Try it again with a non-empty XML file. + cat > conftest.xml << "EOF" + +EOF + if $XMLTO --skip-validation txt conftest.xml >/dev/null 2>&1; then : + have_xmlto_text=yes else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: xmlto cannot generate text format, this format skipped" >&5 $as_echo "$as_me: WARNING: xmlto cannot generate text format, this format skipped" >&2;} fi fi +fi rm -f conftest.xml if test $have_xmlto_text = yes; then HAVE_XMLTO_TEXT_TRUE= @@ -19327,7 +19372,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libSM $as_me 1.2.2, which was +This file was extended by libSM $as_me 1.2.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19393,7 +19438,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libSM config.status 1.2.2 +libSM config.status 1.2.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/lib/libSM/configure.ac b/lib/libSM/configure.ac index 16b6ad109..c58c45fe0 100644 --- a/lib/libSM/configure.ac +++ b/lib/libSM/configure.ac @@ -1,7 +1,7 @@ # Initialize Autoconf AC_PREREQ(2.60) -AC_INIT([libSM], [1.2.2], +AC_INIT([libSM], [1.2.3], [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libSM]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) diff --git a/lib/libSM/doc/SMlib.xml b/lib/libSM/doc/SMlib.xml index 43579f995..eb97effa5 100644 --- a/lib/libSM/doc/SMlib.xml +++ b/lib/libSM/doc/SMlib.xml @@ -494,7 +494,7 @@ The Save Yourself callback is of type SmcSaveYourselfProc typedef void (*SaveYourselfProc) SmcConn smc_conn - SmcConn client_data + SmPointer client_data int save_type Bool shutdown int interact_style @@ -629,7 +629,7 @@ The Die callback is of type typedef void (*SmcDieProc) SmcConn smc_conn - SmcConn client_data + SmPointer client_data diff --git a/lib/libSM/src/Makefile.am b/lib/libSM/src/Makefile.am index a094ccc85..ace113b58 100644 --- a/lib/libSM/src/Makefile.am +++ b/lib/libSM/src/Makefile.am @@ -17,7 +17,6 @@ endif libSM_la_SOURCES = \ SMlibint.h \ - sm_auth.c \ sm_client.c \ sm_error.c \ sm_genid.c \ @@ -25,6 +24,8 @@ libSM_la_SOURCES = \ sm_misc.c \ sm_process.c +EXTRA_DIST = sm_auth.c + smincludedir=$(includedir)/X11/SM sminclude_HEADERS=\ $(top_srcdir)/include/X11/SM/SM.h \ diff --git a/lib/libSM/src/Makefile.in b/lib/libSM/src/Makefile.in index 19babfb35..ecb640537 100644 --- a/lib/libSM/src/Makefile.in +++ b/lib/libSM/src/Makefile.in @@ -96,7 +96,7 @@ LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = @WITH_LIBUUID_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) libSM_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) -am_libSM_la_OBJECTS = sm_auth.lo sm_client.lo sm_error.lo sm_genid.lo \ +am_libSM_la_OBJECTS = sm_client.lo sm_error.lo sm_genid.lo \ sm_manager.lo sm_misc.lo sm_process.lo libSM_la_OBJECTS = $(am_libSM_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) @@ -305,7 +305,6 @@ libSM_la_LDFLAGS = -version-number 6:0:1 -no-undefined libSM_la_LIBADD = $(SM_LIBS) $(am__append_2) libSM_la_SOURCES = \ SMlibint.h \ - sm_auth.c \ sm_client.c \ sm_error.c \ sm_genid.c \ @@ -313,6 +312,7 @@ libSM_la_SOURCES = \ sm_misc.c \ sm_process.c +EXTRA_DIST = sm_auth.c smincludedir = $(includedir)/X11/SM sminclude_HEADERS = \ $(top_srcdir)/include/X11/SM/SM.h \ @@ -396,7 +396,6 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sm_auth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sm_client.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sm_error.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sm_genid.Plo@am__quote@ diff --git a/lib/libSM/src/SMlibint.h b/lib/libSM/src/SMlibint.h index 794692059..94f13e997 100644 --- a/lib/libSM/src/SMlibint.h +++ b/lib/libSM/src/SMlibint.h @@ -183,80 +183,6 @@ in this Software without prior written authorization from The Open Group. } -/* - * EXTRACT FOO - */ - -#define EXTRACT_ARRAY8(_pBuf, _swap, _len, _array8) \ -{ \ - EXTRACT_CARD32 (_pBuf, _swap, _len); \ - _array8 = malloc (_len + 1); \ - memcpy (_array8, _pBuf, _len); \ - _array8[_len] = '\0'; \ - _pBuf += _len + PAD64 (4 + _len); \ -} - -#define EXTRACT_ARRAY8_AS_STRING(_pBuf, _swap, _string) \ -{ \ - CARD32 _len; \ - EXTRACT_CARD32 (_pBuf, _swap, _len); \ - _string = malloc (_len + 1); \ - memcpy (_string, _pBuf, _len); \ - _string[_len] = '\0'; \ - _pBuf += _len + PAD64 (4 + _len); \ -} - -#define EXTRACT_LISTOF_PROPERTY(_pBuf, _swap, _count, _props) \ -{ \ - int _i, _j; \ - EXTRACT_CARD32 (_pBuf, _swap, _count); \ - _pBuf += 4; \ - _props = malloc (_count * sizeof (SmProp *)); \ - for (_i = 0; _i < _count; _i++) \ - { \ - _props[_i] = malloc (sizeof (SmProp)); \ - EXTRACT_ARRAY8_AS_STRING (_pBuf, _swap, _props[_i]->name); \ - EXTRACT_ARRAY8_AS_STRING (_pBuf, _swap, _props[_i]->type); \ - EXTRACT_CARD32 (_pBuf, _swap, _props[_i]->num_vals); \ - _pBuf += 4; \ - _props[_i]->vals = malloc ( \ - _props[_i]->num_vals * sizeof (SmPropValue)); \ - for (_j = 0; _j < _props[_i]->num_vals; _j++) \ - { \ - char *_temp; \ - EXTRACT_ARRAY8 (_pBuf, _swap, _props[_i]->vals[_j].length, _temp);\ - _props[_i]->vals[_j].value = (SmPointer) _temp; \ - } \ - } \ -} - - -#define SKIP_ARRAY8(_pBuf, _swap) \ -{ \ - CARD32 _len; \ - EXTRACT_CARD32 (_pBuf, _swap, _len); \ - _pBuf += _len + PAD64 (4 + _len); \ -} - -#define SKIP_LISTOF_PROPERTY(_pBuf, _swap) \ -{ \ - CARD32 _i, _j; \ - CARD32 _count; \ - EXTRACT_CARD32 (_pBuf, _swap, _count); \ - _pBuf += 4; \ - for (_i = 0; _i < _count; _i++) \ - { \ - CARD32 _numvals; \ - SKIP_ARRAY8 (_pBuf, _swap); \ - SKIP_ARRAY8 (_pBuf, _swap); \ - EXTRACT_CARD32 (_pBuf, _swap, _numvals); \ - _pBuf += 4; \ - for (_j = 0; _j < _numvals; _j++) \ - SKIP_ARRAY8 (_pBuf, _swap);\ - } \ -} - - /* * Client replies not processed by callbacks (we block for them). */ diff --git a/lib/libSM/src/sm_genid.c b/lib/libSM/src/sm_genid.c index 9535cd136..1a8b9a0ed 100644 --- a/lib/libSM/src/sm_genid.c +++ b/lib/libSM/src/sm_genid.c @@ -64,6 +64,7 @@ in this Software without prior written authorization from The Open Group. # include #endif #include +#include #include #define Time_t time_t diff --git a/lib/libSM/src/sm_process.c b/lib/libSM/src/sm_process.c index 95883b9bb..ee38057c6 100644 --- a/lib/libSM/src/sm_process.c +++ b/lib/libSM/src/sm_process.c @@ -32,6 +32,7 @@ in this Software without prior written authorization from The Open Group. #include #endif #include +#include #include "SMlibint.h" @@ -53,15 +54,120 @@ in this Software without prior written authorization from The Open Group. return; \ } -#define CHECK_COMPLETE_SIZE(_iceConn, _majorOp, _minorOp, _expected_len, _actual_len, _pStart, _severity) \ - if (((unsigned long)(PADDED_BYTES64((_actual_len)) - SIZEOF (iceMsg)) >> 3) \ - != _expected_len) \ - { \ - _IceErrorBadLength (_iceConn, _majorOp, _minorOp, _severity); \ - IceDisposeCompleteMessage (iceConn, _pStart); \ - return; \ + +static char * +extractArray8(char **pBuf, char *pEnd, Bool swap, int *len) +{ + char *p; + int n; + + if (pEnd - *pBuf < 4) + return NULL; + EXTRACT_CARD32 (*pBuf, swap, n); + if (n < 0 || n > INT_MAX - 7) + return NULL; + + if ((p = malloc (n + 1)) == NULL) + return NULL; + memcpy(p, *pBuf, n); + p[n] = '\0'; + + *pBuf += n + PAD64 (4 + n); + if (len != NULL) + *len = n; + + return p; +} + + +static SmProp ** +extractListofProperty(char *pBuf, char *pEnd, Bool swap, int *count) +{ + int i, j, n; + SmProp **props; + + if (pEnd - pBuf < 4) + return NULL; + EXTRACT_CARD32 (pBuf, swap, n); + if (n < 0 || n > INT_MAX / sizeof (SmProp *)) + return NULL; + pBuf += 4; + + props = malloc (n * sizeof(SmProp *)); + if (props == NULL) + return NULL; + + for (i = 0; i < n; i++) + { + props[i] = calloc (1, sizeof (SmProp)); + if (props[i] == NULL) + goto fail; + if ((props[i]->name = extractArray8 (&pBuf, pEnd, swap, NULL)) == NULL) + goto fail; + if ((props[i]->type = extractArray8 (&pBuf, pEnd, swap, NULL)) == NULL) + goto fail; + + if (pEnd - pBuf < 4) + goto fail; + EXTRACT_CARD32 (pBuf, swap, props[i]->num_vals); + if (props[i]->num_vals < 0) + goto fail; + pBuf += 4; + props[i]->vals = calloc (props[i]->num_vals, sizeof (SmPropValue)); + if (props[i]->vals == NULL) + goto fail; + + for (j = 0; j < props[i]->num_vals; j++) + { + props[i]->vals[j].value = extractArray8 (&pBuf, pEnd, swap, + &props[i]->vals[j].length); + if (props[i]->vals[j].value == NULL) + goto fail; + } + } + + *count = n; + return props; + +fail: + for (; i >= 0; i--) + { + if (props[i] != NULL) + { + free (props[i]->name); + free (props[i]->type); + if (props[i]->vals != NULL) + { + for (j = 0; j < props[i]->num_vals; j++) + free (props[i]->vals[j].value); + free (props[i]->vals); + } + free (props[i]); + } + } + free (props); + return NULL; +} + + +static Bool +validErrorMessage(char *pData, char *pEnd, int errorClass, Bool swap) +{ + if (errorClass == IceBadValue) + { + unsigned int length; + + if (pEnd - pData < 8) + return False; + + pData += 4; + EXTRACT_CARD32 (pData, swap, length); + if (length > pEnd - pData) + return False; } + return True; +} void @@ -88,7 +194,7 @@ _SmcProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, case SM_Error: { iceErrorMsg *pMsg; - char *pData; + char *pData, *pEnd; CHECK_AT_LEAST_SIZE (iceConn, _SmcOpcode, opcode, length, SIZEOF (iceErrorMsg), IceFatalToProtocol); @@ -108,6 +214,8 @@ _SmcProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, pMsg->offendingSequenceNum = lswapl (pMsg->offendingSequenceNum); } + pEnd = pData + (length << 3) - (SIZEOF (iceErrorMsg) - SIZEOF(iceMsg)); + if (replyWait && replyWait->minor_opcode_of_request == SM_RegisterClient && pMsg->errorClass == IceBadValue && @@ -125,6 +233,13 @@ _SmcProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, *replyReadyRet = True; } + else if (!validErrorMessage(pData, pEnd, pMsg->errorClass, swap)) + { + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, + IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pData); + return; + } else { (*_SmcErrorHandler) (smcConn, swap, @@ -151,14 +266,12 @@ _SmcProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, else { smRegisterClientReplyMsg *pMsg; - char *pData, *pStart; + char *pData, *pStart, *pEnd; _SmcRegisterClientReply *reply = (_SmcRegisterClientReply *) (replyWait->reply); -#if 0 /* No-op */ CHECK_AT_LEAST_SIZE (iceConn, _SmcOpcode, opcode, length, SIZEOF (smRegisterClientReplyMsg), IceFatalToProtocol); -#endif IceReadCompleteMessage (iceConn, SIZEOF (smRegisterClientReplyMsg), smRegisterClientReplyMsg, pMsg, pStart); @@ -170,16 +283,16 @@ _SmcProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, } pData = pStart; + pEnd = pStart + (length << 3) - + (SIZEOF (smRegisterClientReplyMsg) - SIZEOF (iceMsg)); - SKIP_ARRAY8 (pData, swap); /* client id */ - - CHECK_COMPLETE_SIZE (iceConn, _SmcOpcode, opcode, - length, pData - pStart + SIZEOF (smRegisterClientReplyMsg), - pStart, IceFatalToProtocol); - - pData = pStart; - - EXTRACT_ARRAY8_AS_STRING (pData, swap, reply->client_id); + reply->client_id = extractArray8(&pData, pEnd, swap, NULL); + if (reply->client_id == NULL) { + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, + IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pStart); + return; + } reply->status = 1; *replyReadyRet = True; @@ -357,15 +470,13 @@ _SmcProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, else { smPropertiesReplyMsg *pMsg; - char *pData, *pStart; - int numProps; + char *pStart, *pEnd; + int numProps = 0; SmProp **props = NULL; _SmcPropReplyWait *next; -#if 0 /* No-op */ CHECK_AT_LEAST_SIZE (iceConn, _SmcOpcode, opcode, length, SIZEOF (smPropertiesReplyMsg), IceFatalToProtocol); -#endif IceReadCompleteMessage (iceConn, SIZEOF (smPropertiesReplyMsg), smPropertiesReplyMsg, pMsg, pStart); @@ -376,17 +487,17 @@ _SmcProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, return; } - pData = pStart; - - SKIP_LISTOF_PROPERTY (pData, swap); - - CHECK_COMPLETE_SIZE (iceConn, _SmcOpcode, opcode, - length, pData - pStart + SIZEOF (smPropertiesReplyMsg), - pStart, IceFatalToProtocol); + pEnd = pStart + (length << 3) - + (SIZEOF (smPropertiesReplyMsg) - SIZEOF (iceMsg)); - pData = pStart; - - EXTRACT_LISTOF_PROPERTY (pData, swap, numProps, props); + props = extractListofProperty(pStart, pEnd, swap, &numProps); + if (props == NULL) + { + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, + IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pStart); + return; + } next = smcConn->prop_reply_waits->next; @@ -432,7 +543,7 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, case SM_Error: { iceErrorMsg *pMsg; - char *pData; + char *pData, *pEnd; CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode, length, SIZEOF (iceErrorMsg), IceFatalToProtocol); @@ -452,6 +563,16 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, pMsg->offendingSequenceNum = lswapl (pMsg->offendingSequenceNum); } + pEnd = pData + (length << 3) - (SIZEOF (iceErrorMsg) - SIZEOF (iceMsg)); + + if (!validErrorMessage(pData, pEnd, pMsg->errorClass, swap)) + { + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, + IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pData); + return; + } + (*_SmsErrorHandler) (smsConn, swap, pMsg->offendingMinorOpcode, pMsg->offendingSequenceNum, @@ -465,14 +586,12 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, case SM_RegisterClient: { smRegisterClientMsg *pMsg; - char *pData, *pStart; + char *pData, *pStart, *pEnd; char *previousId; int idLen; -#if 0 /* No-op */ CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode, length, SIZEOF (smRegisterClientMsg), IceFatalToProtocol); -#endif IceReadCompleteMessage (iceConn, SIZEOF (smRegisterClientMsg), smRegisterClientMsg, pMsg, pStart); @@ -484,16 +603,17 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, } pData = pStart; + pEnd = pStart + (length << 3) - + (SIZEOF (smRegisterClientMsg) - SIZEOF (iceMsg)); - SKIP_ARRAY8 (pData, swap); /* previous id */ - - CHECK_COMPLETE_SIZE (iceConn, _SmsOpcode, opcode, - length, pData - pStart + SIZEOF (smRegisterClientMsg), - pStart, IceFatalToProtocol); - - pData = pStart; - - EXTRACT_ARRAY8 (pData, swap, idLen, previousId); + previousId = extractArray8(&pData, pEnd, swap, &idLen); + if (previousId == NULL) + { + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, + IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pStart); + return; + } if (*previousId == '\0') { @@ -720,14 +840,12 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, case SM_CloseConnection: { smCloseConnectionMsg *pMsg; - char *pData, *pStart; + char *pData, *pStart, *pEnd; int count, i; char **reasonMsgs = NULL; -#if 0 /* No-op */ CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode, - length, SIZEOF (smCloseConnectionMsg), IceFatalToProtocol); -#endif + length, SIZEOF (smCloseConnectionMsg) + 8, IceFatalToProtocol); IceReadCompleteMessage (iceConn, SIZEOF (smCloseConnectionMsg), smCloseConnectionMsg, pMsg, pStart); @@ -739,22 +857,35 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, } pData = pStart; + pEnd = pStart + (length << 3) - + (SIZEOF (smCloseConnectionMsg) - SIZEOF (iceMsg)); EXTRACT_CARD32 (pData, swap, count); pData += 4; - for (i = 0; i < count; i++) - SKIP_ARRAY8 (pData, swap); - - CHECK_COMPLETE_SIZE (iceConn, _SmsOpcode, opcode, - length, pData - pStart + SIZEOF (smCloseConnectionMsg), - pStart, IceFatalToProtocol); - - pData = pStart + 8; + if (count < 0 || count > INT_MAX / sizeof (char *) || + (reasonMsgs = malloc (count * sizeof (char *))) == NULL) + { + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pStart); + return; + } - reasonMsgs = malloc (count * sizeof (char *)); for (i = 0; i < count; i++) - EXTRACT_ARRAY8_AS_STRING (pData, swap, reasonMsgs[i]); + { + reasonMsgs[i] = extractArray8(&pData, pEnd, swap, NULL); + if (reasonMsgs[i] == NULL) + break; + } + if (i != count) { + while (i-- > 0) + free (reasonMsgs[i]); + free (reasonMsgs); + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, + IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pStart); + return; + } IceDisposeCompleteMessage (iceConn, pStart); @@ -767,14 +898,12 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, case SM_SetProperties: { smSetPropertiesMsg *pMsg; - char *pData, *pStart; + char *pStart, *pEnd; SmProp **props = NULL; - int numProps; + int numProps = 0; -#if 0 /* No-op */ CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode, length, SIZEOF (smSetPropertiesMsg), IceFatalToProtocol); -#endif IceReadCompleteMessage (iceConn, SIZEOF (smSetPropertiesMsg), smSetPropertiesMsg, pMsg, pStart); @@ -785,17 +914,17 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, return; } - pData = pStart; - - SKIP_LISTOF_PROPERTY (pData, swap); - - CHECK_COMPLETE_SIZE (iceConn, _SmsOpcode, opcode, - length, pData - pStart + SIZEOF (smSetPropertiesMsg), - pStart, IceFatalToProtocol); + pEnd = pStart + (length << 3) - + (SIZEOF (smSetPropertiesMsg) - SIZEOF (iceMsg)); - pData = pStart; - - EXTRACT_LISTOF_PROPERTY (pData, swap, numProps, props); + props = extractListofProperty(pStart, pEnd, swap, &numProps); + if (props == NULL) + { + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, + IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pStart); + return; + } (*smsConn->callbacks.set_properties.callback) (smsConn, smsConn->callbacks.set_properties.manager_data, numProps, props); @@ -807,14 +936,12 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, case SM_DeleteProperties: { smDeletePropertiesMsg *pMsg; - char *pData, *pStart; + char *pData, *pStart, *pEnd; int count, i; char **propNames = NULL; -#if 0 /* No-op */ CHECK_AT_LEAST_SIZE (iceConn, _SmsOpcode, opcode, - length, SIZEOF (smDeletePropertiesMsg), IceFatalToProtocol); -#endif + length, SIZEOF (smDeletePropertiesMsg) + 8, IceFatalToProtocol); IceReadCompleteMessage (iceConn, SIZEOF (smDeletePropertiesMsg), smDeletePropertiesMsg, pMsg, pStart); @@ -826,22 +953,35 @@ _SmsProcessMessage(IceConn iceConn, IcePointer clientData, int opcode, } pData = pStart; + pEnd = pStart + (length << 3) - + (SIZEOF (smDeletePropertiesMsg) - SIZEOF (iceMsg)); EXTRACT_CARD32 (pData, swap, count); pData += 4; - for (i = 0; i < count; i++) - SKIP_ARRAY8 (pData, swap); /* prop names */ - - CHECK_COMPLETE_SIZE (iceConn, _SmsOpcode, opcode, - length, pData - pStart + SIZEOF (smDeletePropertiesMsg), - pStart, IceFatalToProtocol); - - pData = pStart + 8; + if (count < 0 || count > INT_MAX / sizeof (char *) || + (propNames = malloc (count * sizeof (char *))) == NULL) + { + IceDisposeCompleteMessage (iceConn, pStart); + return; + } - propNames = malloc (count * sizeof (char *)); for (i = 0; i < count; i++) - EXTRACT_ARRAY8_AS_STRING (pData, swap, propNames[i]); + { + propNames[i] = extractArray8(&pData, pEnd, swap, NULL); + if (propNames[i] == NULL) + break; + } + if (i != count) + { + while (i-- > 0) + free (propNames[i]); + free (propNames); + _IceErrorBadLength (iceConn, _SmcOpcode, opcode, + IceFatalToProtocol); + IceDisposeCompleteMessage (iceConn, pStart); + return; + } IceDisposeCompleteMessage (iceConn, pStart); -- cgit v1.2.3