Darcsweb-Url:
http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=frugalware-0.6;a=darcs_commitdiff;h=20070907063715-dd049-3885e04063a127d9b91f00cfb647fa4ac5a7a374.gz;
[gdm-2.18.0-2terminus1-i686
voroskoi <[EMAIL PROTECTED]>**20070907063715
secfix relbump, closes #2329
] {
addfile ./source/gnome/gdm/CVE-2007-3381.diff
hunk ./source/gnome/gdm/CVE-2007-3381.diff 1
+--- gnome-2-18/daemon/gdm.c 2007/04/09 02:31:48 4777
++++ gnome-2-18/daemon/gdm.c 2007/07/12 00:06:52 5062
+@@ -2557,190 +2557,216 @@
+ NULL, 0, NULL, NULL, NULL);
+ } else if (strncmp (msg, "opcode="GDM_SOP_SHOW_ERROR_DIALOG,
+ strlen ("opcode="GDM_SOP_SHOW_ERROR_DIALOG)) == 0) {
+- GdmDisplay *d;
+- GtkMessageType type;
+ char **list;
+- char *ptr;
+- char *error;
+- char *details_label;
+- char *details_file;
+- long slave_pid;
+- int uid, gid;
+-
+ list = g_strsplit (msg, "$$", -1);
+
+- ptr = strchr (list[1], '=');
+- slave_pid = atol (ptr + 1);
+-
+- ptr = strchr (list[2], '=');
+- type = atoi (ptr + 1);
+-
+- ptr = strchr (list[3], '=');
+- error = g_malloc0 (strlen (ptr));
+- strcpy (error, ptr + 1);
+-
+- ptr = strchr (list[4], '=');
+- details_label = g_malloc0 (strlen (ptr));
+- strcpy (details_label, ptr + 1);
+-
+- ptr = strchr (list[5], '=');
+- details_file = g_malloc0 (strlen (ptr));
+- strcpy (details_file, ptr + 1);
+-
+- ptr = strchr (list[6], '=');
+- uid = atoi (ptr + 1);
+-
+- ptr = strchr (list[7], '=');
+- gid = atoi (ptr + 1);
++ if (ve_vector_len (list) == 8) {
++ GdmDisplay *d;
++ GtkMessageType type;
++ char *ptr;
++ char *error;
++ char *details_label;
++ char *details_file;
++ long slave_pid;
++ int uid, gid;
++
++ ptr = strchr (list[1], '=');
++ slave_pid = atol (ptr + 1);
++
++ ptr = strchr (list[2], '=');
++ type = atoi (ptr + 1);
++
++ ptr = strchr (list[3], '=');
++ error = g_malloc0 (strlen (ptr));
++ strcpy (error, ptr + 1);
++
++ ptr = strchr (list[4], '=');
++ details_label = g_malloc0 (strlen (ptr));
++ strcpy (details_label, ptr + 1);
++
++ ptr = strchr (list[5], '=');
++ details_file = g_malloc0 (strlen (ptr));
++ strcpy (details_file, ptr + 1);
++
++ ptr = strchr (list[6], '=');
++ uid = atoi (ptr + 1);
++
++ ptr = strchr (list[7], '=');
++ gid = atoi (ptr + 1);
++
++ d = gdm_display_lookup (slave_pid);
++
++ if (d != NULL) {
++ if (GDM_AUTHFILE (d)) {
++ VE_IGNORE_EINTR (
++ chmod (GDM_AUTHFILE (d), 0644));
++ }
+
+- d = gdm_display_lookup (slave_pid);
++ gdm_error_box_full (d, type, error,
++ details_label, details_file, 0, 0);
+
+- if (d != NULL) {
+- if (GDM_AUTHFILE (d)) {
+- VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d),
0644));
+- }
+-
+- gdm_error_box_full (d, type, error, details_label,
details_file, 0, 0);
++ if (GDM_AUTHFILE (d)) {
++ VE_IGNORE_EINTR (
++ chmod (GDM_AUTHFILE (d), 0640));
++ }
+
+- if (GDM_AUTHFILE (d)) {
+- VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d),
0640));
++ send_slave_ack_dialog_char (d,
++ GDM_SLAVE_NOTIFY_ERROR_RESPONSE, NULL);
+ }
+-
+- send_slave_ack_dialog_char (d,
GDM_SLAVE_NOTIFY_ERROR_RESPONSE, NULL);
++ g_free (error);
++ g_free (details_label);
++ g_free (details_file);
+ }
+
+- g_free (error);
+- g_free (details_label);
+- g_free (details_file);
+ g_strfreev (list);
+ } else if (strncmp (msg, "opcode="GDM_SOP_SHOW_YESNO_DIALOG,
+- strlen ("opcode="GDM_SOP_SHOW_YESNO_DIALOG)) ==
0) {
+- GdmDisplay *d;
++ strlen ("opcode="GDM_SOP_SHOW_YESNO_DIALOG)) == 0)
{
+ char **list;
+- char *ptr;
+- char *yesno_msg;
+- long slave_pid;
+- gboolean response_yesno;
+-
+ list = g_strsplit (msg, "$$", -1);
+
+- ptr = strchr (list [1], '=');
+- slave_pid = atol (ptr + 1);
+-
+- ptr = strchr (list [2], '=');
+- yesno_msg = g_malloc0 (strlen (ptr));
+- strcpy (yesno_msg, ptr + 1);
+-
+- d = gdm_display_lookup (slave_pid);
+- if (d != NULL) {
+- if (GDM_AUTHFILE (d)) {
+- VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d),
0644));
+- }
+-
+- response_yesno = gdm_failsafe_yesno (d, yesno_msg);
++ if (ve_vector_len (list) == 3) {
++ GdmDisplay *d;
++ char *ptr;
++ char *yesno_msg;
++ long slave_pid;
++ gboolean resp;
++
++ ptr = strchr (list [1], '=');
++ slave_pid = atol (ptr + 1);
++
++ ptr = strchr (list [2], '=');
++ yesno_msg = g_malloc0 (strlen (ptr));
++ strcpy (yesno_msg, ptr + 1);
++
++ d = gdm_display_lookup (slave_pid);
++ if (d != NULL) {
++ if (GDM_AUTHFILE (d)) {
++ VE_IGNORE_EINTR (
++ chmod (GDM_AUTHFILE (d), 0644));
++ }
+
+- send_slave_ack_dialog_int (d,
GDM_SLAVE_NOTIFY_YESNO_RESPONSE, response_yesno);
++ resp = gdm_failsafe_yesno (d, yesno_msg);
+
+- if (GDM_AUTHFILE (d)) {
+- VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d),
0640));
++ send_slave_ack_dialog_int (d,
++ GDM_SLAVE_NOTIFY_YESNO_RESPONSE,
++ resp);
++
++ if (GDM_AUTHFILE (d)) {
++ VE_IGNORE_EINTR (
++ chmod (GDM_AUTHFILE (d), 0640));
++ }
+ }
+- }
+
+- g_free (yesno_msg);
++ g_free (yesno_msg);
++ }
+ g_strfreev (list);
+ } else if (strncmp (msg, "opcode="GDM_SOP_SHOW_QUESTION_DIALOG,
+ strlen ("opcode="GDM_SOP_SHOW_QUESTION_DIALOG))
== 0) {
+- GdmDisplay *d;
+ char **list;
+- char *ptr;
+- char *question_msg;
+- char *response_question;
+- long slave_pid;
+- gboolean echo;
+-
+ list = g_strsplit (msg, "$$", -1);
+
+- ptr = strchr (list [1], '=');
+- slave_pid = atol (ptr + 1);
+-
+- ptr = strchr (list [2], '=');
+- question_msg = g_malloc0 (strlen (ptr));
+- strcpy (question_msg, ptr + 1);
+-
+- ptr = strchr (list [3], '=');
+- echo = atoi (ptr + 1);
+-
+- d = gdm_display_lookup (slave_pid);
+- if (d != NULL) {
+- if (GDM_AUTHFILE (d)) {
+- VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d),
0644));
+- }
+-
+- response_question = gdm_failsafe_question (d,
question_msg, echo);
++ if (ve_vector_len (list) == 4) {
++ GdmDisplay *d;
++ char *ptr;
++ char *question_msg;
++ char *resp;
++ long slave_pid;
++ gboolean echo;
++
++ ptr = strchr (list [1], '=');
++ slave_pid = atol (ptr + 1);
++
++ ptr = strchr (list [2], '=');
++ question_msg = g_malloc0 (strlen (ptr));
++ strcpy (question_msg, ptr + 1);
++
++ ptr = strchr (list [3], '=');
++ echo = atoi (ptr + 1);
++
++ d = gdm_display_lookup (slave_pid);
++ if (d != NULL) {
++ if (GDM_AUTHFILE (d)) {
++ VE_IGNORE_EINTR (
++ chmod (GDM_AUTHFILE (d), 0644));
++ }
+
+- send_slave_ack_dialog_char (d,
GDM_SLAVE_NOTIFY_QUESTION_RESPONSE, response_question);
++ resp = gdm_failsafe_question (d,
++ question_msg, echo);
+
+- if (GDM_AUTHFILE (d)) {
+- VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d),
0640));
++ send_slave_ack_dialog_char (d,
++ GDM_SLAVE_NOTIFY_QUESTION_RESPONSE,
++ resp);
++
++ if (GDM_AUTHFILE (d)) {
++ VE_IGNORE_EINTR (
++ chmod (GDM_AUTHFILE (d), 0640));
++ }
+ }
+- }
+
+- g_free (question_msg);
++ g_free (question_msg);
++ }
+ g_strfreev (list);
+ } else if (strncmp (msg, "opcode="GDM_SOP_SHOW_ASKBUTTONS_DIALOG,
+ strlen ("opcode="GDM_SOP_SHOW_ASKBUTTONS_DIALOG))
== 0) {
+- GdmDisplay *d;
+- char *askbuttons_msg;
+ char **list;
+- char *ptr;
+- char *options[4];
+- long slave_pid;
+- int i;
+- int response_askbuttons;
+-
+ list = g_strsplit (msg, "$$", -1);
+
+- ptr = strchr (list [1], '=');
+- slave_pid = atol (ptr + 1);
+-
+- ptr = strchr (list [2], '=');
+- askbuttons_msg = g_malloc0 (strlen (ptr));
+- strcpy (askbuttons_msg, ptr + 1);
+-
+- ptr = strchr (list [3], '=');
+- options[0] = g_malloc0 (strlen (ptr));
+- strcpy (options[0], ptr + 1);
+-
+- ptr = strchr (list [4], '=');
+- options[1] = g_malloc0 (strlen (ptr));
+- strcpy (options[1], ptr + 1);
+-
+- ptr = strchr (list [5], '=');
+- options[2] = g_malloc0 (strlen (ptr));
+- strcpy (options[2], ptr + 1);
+-
+- ptr = strchr (list [6], '=');
+- options[3] = g_malloc0 (strlen (ptr));
+- strcpy (options[3], ptr + 1);
+-
+- d = gdm_display_lookup (slave_pid);
+- if (d != NULL) {
+- if (GDM_AUTHFILE (d)) {
+- VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d),
0644));
+- }
++ if (ve_vector_len (list) == 7) {
++ GdmDisplay *d;
++ char *askbuttons_msg;
++ char *ptr;
++ char *options[4];
++ long slave_pid;
++ int i;
++ int resp;
++
++ ptr = strchr (list [1], '=');
++ slave_pid = atol (ptr + 1);
++
++ ptr = strchr (list [2], '=');
++ askbuttons_msg = g_malloc0 (strlen (ptr));
++ strcpy (askbuttons_msg, ptr + 1);
++
++ ptr = strchr (list [3], '=');
++ options[0] = g_malloc0 (strlen (ptr));
++ strcpy (options[0], ptr + 1);
++
++ ptr = strchr (list [4], '=');
++ options[1] = g_malloc0 (strlen (ptr));
++ strcpy (options[1], ptr + 1);
++
++ ptr = strchr (list [5], '=');
++ options[2] = g_malloc0 (strlen (ptr));
++ strcpy (options[2], ptr + 1);
++
++ ptr = strchr (list [6], '=');
++ options[3] = g_malloc0 (strlen (ptr));
++ strcpy (options[3], ptr + 1);
++
++ d = gdm_display_lookup (slave_pid);
++ if (d != NULL) {
++ if (GDM_AUTHFILE (d)) {
++ VE_IGNORE_EINTR (
++ chmod (GDM_AUTHFILE (d), 0644));
++ }
+
+- response_askbuttons = gdm_failsafe_ask_buttons (d,
askbuttons_msg, options);
++ resp = gdm_failsafe_ask_buttons (d,
++ askbuttons_msg, options);
+
+- send_slave_ack_dialog_int (d,
GDM_SLAVE_NOTIFY_ASKBUTTONS_RESPONSE, response_askbuttons);
+- if (GDM_AUTHFILE (d)) {
+- VE_IGNORE_EINTR (chmod (GDM_AUTHFILE (d),
0640));
++ send_slave_ack_dialog_int (d,
++ GDM_SLAVE_NOTIFY_ASKBUTTONS_RESPONSE,
++ resp);
++ if (GDM_AUTHFILE (d)) {
++ VE_IGNORE_EINTR (
++ chmod (GDM_AUTHFILE (d), 0640));
++ }
+ }
+- }
+
+- g_free (askbuttons_msg);
++ g_free (askbuttons_msg);
+
+- for (i = 0; i < 3; i ++)
+- g_free (options[i]);
++ for (i = 0; i < 3; i ++)
++ g_free (options[i]);
++ }
+ g_strfreev (list);
+ }
+ }
+@@ -3481,9 +3507,13 @@
+
+ } else if (strncmp (msg, GDM_SUP_GET_SERVER_DETAILS " ",
+ strlen (GDM_SUP_GET_SERVER_DETAILS " ")) == 0) {
+- const gchar *server = &msg[strlen (GDM_SUP_GET_SERVER_DETAILS "
")];
+- gchar **splitstr = g_strsplit (server, " ", 2);
+- GdmXserver *svr = gdm_find_xserver ((gchar *)splitstr[0]);
++ const gchar *server = &msg[strlen
(GDM_SUP_GET_SERVER_DETAILS " ")];
++ gchar **splitstr = g_strsplit (server, " ", 2);
++ GdmXserver *svr = NULL;
++
++ if (splitstr != NULL && splitstr[0] != NULL) {
++ svr = gdm_find_xserver ((gchar *)splitstr[0]);
++ }
+
+ if (svr != NULL) {
+ if (g_strcasecmp (splitstr[1], "ID") == 0)
+@@ -3520,12 +3550,11 @@
+ gdm_connection_printf (conn, "OK false\n");
+ else
+ gdm_connection_printf (conn, "ERROR 2 Key not
valid\n");
+-
+- g_strfreev (splitstr);
+ } else {
+ gdm_connection_printf (conn, "ERROR 1 Server
not found\n");
+ }
+
++ g_strfreev (splitstr);
+ } else if (strcmp (msg, GDM_SUP_GREETERPIDS) == 0) {
+ GString *msg;
+ GSList *li;
+@@ -3555,10 +3584,15 @@
+ } else if (strncmp (msg, GDM_SUP_GET_CONFIG " ",
+ strlen (GDM_SUP_GET_CONFIG " ")) == 0) {
+ const gchar *parms = &msg[strlen (GDM_SUP_GET_CONFIG " ")];
+- gchar **splitstr = g_strsplit (parms, " ", 2);
+- gchar *retval = NULL;
++ gchar **splitstr = g_strsplit (parms, " ", 2);
++ gchar *retval = NULL;
+ static gboolean done_prefetch = FALSE;
+
++ if (splitstr == NULL || splitstr[0] == NULL) {
++ gdm_connection_printf (conn, "ERROR 50
Unsupported key <null>\n");
++ return;
++ }
++
+ /*
+ * It is not meaningful to manage this in a per-display
+ * fashion since the prefetch program is only run once the
+--- gnome-2-18/daemon/gdmconfig.c 2007/03/20 08:50:41 4684
++++ gnome-2-18/daemon/gdmconfig.c 2007/07/12 00:06:52 5062
+@@ -850,9 +850,10 @@
+
+ file = gdm_get_per_display_custom_config_file (display);
+
+- if (strcmp (ve_sure_string (splitstr[0]), "greeter") == 0 ||
+- strcmp (ve_sure_string (splitstr[0]), "gui") == 0 ||
+- is_key (key, GDM_KEY_PAM_STACK)) {
++ if (splitstr != NULL &&
++ (strcmp (ve_sure_string (splitstr[0]), "greeter") == 0 ||
++ strcmp (ve_sure_string (splitstr[0]), "gui") == 0 ||
++ is_key (key, GDM_KEY_PAM_STACK))) {
+ gdm_config_key_to_string (file, key, retval);
+ }
+
+@@ -878,7 +879,7 @@
+ *retval = NULL;
+
+ /* Should not fail, all keys should have a category. */
+- if (splitstr[0] == NULL)
++ if (splitstr == NULL || splitstr[0] == NULL)
+ return;
+
+ /* If file doesn't exist, then just return */
+@@ -1768,7 +1769,7 @@
+ if (custom_cfg != NULL) {
+ gchar **splitstr = g_strsplit (key, "/", 2);
+
+- if (splitstr[0] != NULL) {
++ if (splitstr != NULL && splitstr[0] != NULL) {
+ GList *list = ve_config_get_keys (custom_cfg, splitstr[0]);
+
+ while (list != NULL) {
+@@ -1956,7 +1957,7 @@
+ /* First check the custom file */
+ if (cfgfiles->custom_cfg != NULL) {
+ gchar **splitstr = g_strsplit (key_in, "/", 2);
+- if (splitstr[0] != NULL) {
++ if (splitstr != NULL && splitstr[0] != NULL) {
+ GList *list = ve_config_get_keys (cfgfiles->custom_cfg,
splitstr[0]);
+
+ while (list != NULL) {
+--- gnome-2-18/gui/gdmflexiserver.c 2007/04/09 05:07:27 4796
++++ gnome-2-18/gui/gdmflexiserver.c 2007/07/12 00:06:52 5062
+@@ -136,9 +136,10 @@
+ for (i = 0; vec[i] != NULL; i++) {
+ char **rvec;
+ rvec = g_strsplit (vec[i], ",", -1);
+- if (rvec == NULL ||
+- ve_vector_len (rvec) != 3)
++ if (ve_vector_len (rvec) != 3) {
++ g_strfreev (rvec);
+ continue;
++ }
+
+ if (strcmp (rvec[0], vtpart) == 0) {
+ /* could be nested? */
+@@ -177,9 +178,10 @@
+ char **rvec;
+ int vt;
+ rvec = g_strsplit (vec[i], ",", -1);
+- if (rvec == NULL ||
+- ve_vector_len (rvec) != 3)
++ if (ve_vector_len (rvec) != 3) {
++ g_strfreev (rvec);
+ continue;
++ }
+
+ vt = get_vt_num (vec, rvec[2], 5);
+
+@@ -516,9 +518,10 @@
+ char **rvec;
+ int vt;
+ rvec = g_strsplit (vec[i], ",", -1);
+- if (rvec == NULL ||
+- ve_vector_len (rvec) != 3)
++ if (ve_vector_len (rvec) != 3) {
++ g_strfreev (rvec);
+ continue;
++ }
+
+ vt = get_vt_num (vec, rvec[2], 5);
+
+--- gnome-2-18/gui/gdmsetup.c 2007/04/02 05:28:30 4743
++++ gnome-2-18/gui/gdmsetup.c 2007/07/12 00:06:52 5062
+@@ -4220,7 +4220,7 @@
+ msg = g_string_new ("");
+
+ actions = g_strsplit (strings_list, sep, -1);
+- for (i = 0; actions[i]; i++) {
++ for (i = 0; actions != NULL && actions[i] != NULL; i++) {
+ if (strncmp (actions[i], string, strlen (string)) == 0)
+ continue;
+ g_string_append_printf (msg, "%s%s", separator, actions[i]);
+--- gnome-2-18/gui/greeter/greeter_item_ulist.c 2007/04/09 02:36:08
4778
++++ gnome-2-18/gui/greeter/greeter_item_ulist.c 2007/07/12 00:06:52
5062
+@@ -140,8 +140,10 @@
+ char **rvec;
+
+ rvec = g_strsplit (vec[i], ",", -1);
+- if (rvec == NULL || ve_vector_len (rvec) != 3)
++ if (ve_vector_len (rvec) != 3) {
++ g_strfreev (rvec);
+ continue;
++ }
+
+ g_hash_table_insert (displays_hash,
+ g_strdup (rvec[1]),
+--- gnome-2-18/gui/gdmconfig.c 2007/03/20 08:50:41 4684
++++ gnome-2-18/gui/gdmconfig.c 2007/07/12 00:06:52 5062
+@@ -214,11 +214,11 @@
+ }
+
+ /* skip the "OK " */
+- splitstr = g_strsplit (result + 3, ";", 0);
+- sec = splitstr;
++ splitstr = g_strsplit (result + 3, ";", 0);
++ sec = splitstr;
+ g_free (result);
+
+- while (*sec != NULL) {
++ while (sec != NULL && *sec != NULL) {
+ GdmXserver *svr = g_new0 (GdmXserver, 1);
+
+ temp = gdm_config_get_xserver_details (*sec, "ID");
hunk ./source/gnome/gdm/FrugalBuild 6
-pkgrel=1
+pkgrel=2terminus1
hunk ./source/gnome/gdm/FrugalBuild 21
+ CVE-2007-3381.diff \
hunk ./source/gnome/gdm/FrugalBuild 24
- 'a61f7c9569a2d73a5cf078e61a17cfed7d280b12' \
+ 'a61f7c9569a2d73a5cf078e61a17cfed7d280b12' \
hunk ./source/gnome/gdm/FrugalBuild 26
- '82bb42ae2217465196b8de03b18efcdd832ff137' \
+ '82bb42ae2217465196b8de03b18efcdd832ff137' \
+ '67949c3a0c4a32e9dd52927272c37946325b8553' \
}
_______________________________________________
Frugalware-darcs mailing list
Frugalware-darcs@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-darcs
