Timo Aaltonen pushed to branch upstream-unstable at X Strike Force / lib / libxau
Commits: 67beb3d0 by Fuminobu TAKEYAMA at 2013-09-29T09:21:05-07:00 XauFileName: reset bsize when malloc failed https://bugs.freedesktop.org/show_bug.cgi?id=69929 Reviewed-by: Alan Coopersmith <[email protected]> Signed-off-by: Alan Coopersmith <[email protected]> - - - - - 304a11be by Alan Coopersmith at 2013-09-29T09:23:45-07:00 XauFileName: always go through buf allocation if buf is NULL Signed-off-by: Alan Coopersmith <[email protected]> - - - - - 1e4635be by Jeremy Huddleston Sequoia at 2014-01-02T01:07:41-08:00 Silence a benign static analysis warning with an assert of allocation size AuFileName.c:72:8: warning: Call to 'malloc' has an allocation size of 0 bytes buf = malloc (size); ^~~~~~~~~~~~~ Signed-off-by: Jeremy Huddleston Sequoia <[email protected]> - - - - - 33f792eb by Peter Hutterer at 2017-01-26T11:59:25+10:00 autogen.sh: use exec instead of waiting for configure to finish Syncs the invocation of configure with the one from the server. Signed-off-by: Peter Hutterer <[email protected]> Reviewed-by: Emil Velikov <[email protected]> - - - - - fca98447 by Emil Velikov at 2017-01-26T11:59:25+10:00 autogen.sh: use quoted string variables Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent fall-outs, when they contain space. Signed-off-by: Emil Velikov <[email protected]> Reviewed-by: Peter Hutterer <[email protected]> Signed-off-by: Peter Hutterer <[email protected]> - - - - - 42e152c6 by Mihail Konev at 2017-01-26T13:52:49+10:00 autogen: add default patch prefix Signed-off-by: Mihail Konev <[email protected]> - - - - - 987fee49 by Tobias Stoeckmann at 2017-10-20T14:51:03-04:00 Avoid out of boundary read access If the environment variable HOME is empty, XauFileName triggers an out of boundary read access (name[1]). If HOME consists of a single character relative path, the output becomes unexpected, because "HOME=a" leads to "a.Xauthority" instead of "a/.Xauthority". Granted, a relative HOME path leads to trouble in general, the code should properly return "a/.Xauthority" nonetheless. Signed-off-by: Tobias Stoeckmann <[email protected]> Reviewed-by: Alan Coopersmith <[email protected]> - - - - - fdbb2127 by walter harms at 2017-10-30T15:49:11+00:00 AuDispose.c:remove redundant null check on calling free() redundant null check on auth->address calling free() redundant null check on auth->number calling free() redundant null check on auth->name calling free() Signed-off-by: Walter Harms <[email protected]> Reviewed-by: Daniel Martin <[email protected]> Reviewed-by: Emil Velikov <[email protected]> - - - - - cf6cc845 by walter harms at 2017-10-30T15:49:38+00:00 Au FileName.c: remove redundant null check on calling free() remove redundant null check on calling free() Signed-off-by: Walter Harms <[email protected]> Reviewed-by: Daniel Martin <[email protected]> Reviewed-by: Emil Velikov <[email protected]> - - - - - 7ba7085b by walter harms at 2017-10-30T15:49:41+00:00 AuRead.c: remove redundant null check on calling free() this removes simply unneeded code from XauReadAuth Signed-off-by: Walter Harms <[email protected]> Reviewed-by: Daniel Martin <[email protected]> Reviewed-by: Emil Velikov <[email protected]> - - - - - 6f0b6fcf by Alan Coopersmith at 2018-12-07T19:38:53-08:00 Update configure.ac bug URL for gitlab migration Signed-off-by: Alan Coopersmith <[email protected]> - - - - - d9443b2c by Alan Coopersmith at 2019-02-10T14:42:30-08:00 libXau 1.0.9 Signed-off-by: Alan Coopersmith <[email protected]> - - - - - 5 changed files: - AuDispose.c - AuFileName.c - AuRead.c - autogen.sh - configure.ac Changes: ===================================== AuDispose.c ===================================== @@ -34,9 +34,9 @@ void XauDisposeAuth (Xauth *auth) { if (auth) { - if (auth->address) (void) free (auth->address); - if (auth->number) (void) free (auth->number); - if (auth->name) (void) free (auth->name); + free (auth->address); + free (auth->number); + free (auth->name); if (auth->data) { (void) bzero (auth->data, auth->data_length); (void) free (auth->data); ===================================== AuFileName.c ===================================== @@ -29,6 +29,7 @@ in this Software without prior written authorization from The Open Group. #endif #include <X11/Xauth.h> #include <X11/Xos.h> +#include <assert.h> #include <stdlib.h> static char *buf = NULL; @@ -66,12 +67,14 @@ XauFileName (void) return NULL; } size = strlen (name) + strlen(&slashDotXauthority[1]) + 2; - if (size > bsize) { - if (buf) - free (buf); + if ((size > bsize) || (buf == NULL)) { + free (buf); + assert(size > 0); buf = malloc (size); - if (!buf) + if (!buf) { + bsize = 0; return NULL; + } if (!atexit_registered) { atexit(free_filename_buffer); @@ -81,6 +84,6 @@ XauFileName (void) bsize = size; } snprintf (buf, bsize, "%s%s", name, - slashDotXauthority + (name[1] == '\0' ? 1 : 0)); + slashDotXauthority + (name[0] == '/' && name[1] == '\0' ? 1 : 0)); return buf; } ===================================== AuRead.c ===================================== @@ -77,25 +77,25 @@ XauReadAuth (FILE *auth_file) if (read_counted_string (&local.address_length, &local.address, auth_file) == 0) return NULL; if (read_counted_string (&local.number_length, &local.number, auth_file) == 0) { - if (local.address) free (local.address); + free (local.address); return NULL; } if (read_counted_string (&local.name_length, &local.name, auth_file) == 0) { - if (local.address) free (local.address); - if (local.number) free (local.number); + free (local.address); + free (local.number); return NULL; } if (read_counted_string (&local.data_length, &local.data, auth_file) == 0) { - if (local.address) free (local.address); - if (local.number) free (local.number); - if (local.name) free (local.name); + free (local.address); + free (local.number); + free (local.name); return NULL; } ret = (Xauth *) malloc (sizeof (Xauth)); if (!ret) { - if (local.address) free (local.address); - if (local.number) free (local.number); - if (local.name) free (local.name); + free (local.address); + free (local.number); + free (local.name); if (local.data) { bzero (local.data, local.data_length); free (local.data); ===================================== autogen.sh ===================================== @@ -1,14 +1,17 @@ #! /bin/sh -srcdir=`dirname $0` +srcdir=`dirname "$0"` test -z "$srcdir" && srcdir=. ORIGDIR=`pwd` -cd $srcdir +cd "$srcdir" autoreconf -v --install || exit 1 -cd $ORIGDIR || exit $? +cd "$ORIGDIR" || exit $? + +git config --local --get format.subjectPrefix >/dev/null 2>&1 || + git config --local format.subjectPrefix "PATCH libXau" if test -z "$NOCONFIGURE"; then - $srcdir/configure "$@" + exec "$srcdir"/configure "$@" fi ===================================== configure.ac ===================================== @@ -22,8 +22,8 @@ # Initialize Autoconf AC_PREREQ([2.60]) -AC_INIT([libXau], [1.0.8], - [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], [libXau]) +AC_INIT([libXau], [1.0.9], + [https://gitlab.freedesktop.org/xorg/lib/libXau/issues], [libXau]) AC_CONFIG_SRCDIR([Makefile.am]) AC_CONFIG_HEADERS([config.h]) AC_USE_SYSTEM_EXTENSIONS View it on GitLab: https://salsa.debian.org/xorg-team/lib/libxau/-/compare/899790011304c4029e15abf410e49ce7cec17e0a...d9443b2c57b512cfb250b35707378654d86c7dea -- View it on GitLab: https://salsa.debian.org/xorg-team/lib/libxau/-/compare/899790011304c4029e15abf410e49ce7cec17e0a...d9443b2c57b512cfb250b35707378654d86c7dea You're receiving this email because of your account on salsa.debian.org.
