Module Name: xsrc
Committed By: martin
Date: Wed Mar 8 14:49:59 UTC 2017
Modified Files:
xsrc/external/mit/xorg-server/dist [netbsd-6-1]: configure.ac
xsrc/external/mit/xorg-server/dist/include [netbsd-6-1]:
dix-config.h.in os.h
xsrc/external/mit/xorg-server/dist/os [netbsd-6-1]: auth.c mitauth.c
osdep.h rpcauth.c xdmauth.c
xsrc/external/mit/xorg-server/include [netbsd-6-1]: dix-config.h
xsrc/xfree/xc/programs/Xserver/include [netbsd-6-1]: os.h
xsrc/xfree/xc/programs/Xserver/os [netbsd-6-1]: auth.c mitauth.c
osdep.h rpcauth.c xdmauth.c
Added Files:
xsrc/external/mit/xorg-server/dist/os [netbsd-6-1]: timingsafe_memcmp.c
xsrc/xfree/xc/programs/Xserver/os [netbsd-6-1]: timingsafe_memcmp.c
Log Message:
xsrc/external/mit/xorg-server.old/dist/configure.ac 1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in 1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in 1.3 (patch)
xsrc/external/mit/xorg-server.old/dist/include/os.h 1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/auth.c 1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/auth.c 1.3 (patch)
xsrc/external/mit/xorg-server.old/dist/os/mitauth.c 1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/mitauth.c 1.3 (patch)
xsrc/external/mit/xorg-server.old/dist/os/osdep.h 1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/rpcauth.c 1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/timingsafe_memcmp.c 1.1 (patch)
xsrc/external/mit/xorg-server.old/dist/os/xdmauth.c 1.2 (patch)
xsrc/external/mit/xorg-server.old/include/dix-config.h 1.3 (patch)
xsrc/external/mit/xorg-server.old/include/dix-config.h 1.4 (patch)
xsrc/external/mit/xorg-server/dist/configure.ac 1.4 (patch)
xsrc/external/mit/xorg-server/dist/configure.ac 1.5 (patch)
xsrc/external/mit/xorg-server/dist/include/dix-config.h.in 1.2 (patch)
xsrc/external/mit/xorg-server/dist/include/dix-config.h.in 1.3 (patch)
xsrc/external/mit/xorg-server/dist/include/os.h 1.8 (patch)
xsrc/external/mit/xorg-server/dist/os/auth.c 1.2 (patch)
xsrc/external/mit/xorg-server/dist/os/auth.c 1.3 (patch)
xsrc/external/mit/xorg-server/dist/os/mitauth.c 1.2 (patch)
xsrc/external/mit/xorg-server/dist/os/mitauth.c 1.3 (patch)
xsrc/external/mit/xorg-server/dist/os/osdep.h 1.2 (patch)
xsrc/external/mit/xorg-server/dist/os/rpcauth.c 1.4 (patch)
xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c 1.1 (patch)
xsrc/external/mit/xorg-server/dist/os/xdmauth.c 1.2 (patch)
xsrc/external/mit/xorg-server/include/dix-config.h 1.26 (patch)
xsrc/external/mit/xorg-server/include/dix-config.h 1.27 (patch)
Apply upstream fixes for generation and comparision of
MIT-MAGIC-COOKIES, fixing CVE-2017-2624
[mrg, ticket #1381]
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.8.6.1 -r1.1.1.8.6.2 \
xsrc/external/mit/xorg-server/dist/configure.ac
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.6.1 \
xsrc/external/mit/xorg-server/dist/include/dix-config.h.in
cvs rdiff -u -r1.6 -r1.6.6.1 xsrc/external/mit/xorg-server/dist/include/os.h
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.6.1 \
xsrc/external/mit/xorg-server/dist/os/auth.c \
xsrc/external/mit/xorg-server/dist/os/xdmauth.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.6.1 \
xsrc/external/mit/xorg-server/dist/os/mitauth.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.6.1 \
xsrc/external/mit/xorg-server/dist/os/osdep.h
cvs rdiff -u -r1.1.1.3.6.1 -r1.1.1.3.6.2 \
xsrc/external/mit/xorg-server/dist/os/rpcauth.c
cvs rdiff -u -r0 -r1.1.8.2 \
xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c
cvs rdiff -u -r1.19 -r1.19.6.1 \
xsrc/external/mit/xorg-server/include/dix-config.h
cvs rdiff -u -r1.5 -r1.5.20.1 xsrc/xfree/xc/programs/Xserver/include/os.h
cvs rdiff -u -r1.4 -r1.4.32.1 xsrc/xfree/xc/programs/Xserver/os/auth.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.34.1 \
xsrc/xfree/xc/programs/Xserver/os/mitauth.c
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.20.1 \
xsrc/xfree/xc/programs/Xserver/os/osdep.h
cvs rdiff -u -r1.1.1.5.32.1 -r1.1.1.5.32.2 \
xsrc/xfree/xc/programs/Xserver/os/rpcauth.c
cvs rdiff -u -r0 -r1.1.8.2 \
xsrc/xfree/xc/programs/Xserver/os/timingsafe_memcmp.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.20.1 \
xsrc/xfree/xc/programs/Xserver/os/xdmauth.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: xsrc/external/mit/xorg-server/dist/configure.ac
diff -u xsrc/external/mit/xorg-server/dist/configure.ac:1.1.1.8.6.1 xsrc/external/mit/xorg-server/dist/configure.ac:1.1.1.8.6.2
--- xsrc/external/mit/xorg-server/dist/configure.ac:1.1.1.8.6.1 Tue Dec 9 19:46:20 2014
+++ xsrc/external/mit/xorg-server/dist/configure.ac Wed Mar 8 14:49:58 2017
@@ -220,6 +220,8 @@ AC_CHECK_FUNC([strlcpy], AC_DEFINE(HAS_S
AM_CONDITIONAL(NEED_VSNPRINTF, [test x$HAVE_VSNPRINTF = xno])
+AC_CHECK_LIB([bsd], [arc4random_buf])
+
dnl Check for mmap support for Xvfb
AC_CHECK_FUNC([mmap], AC_DEFINE(HAS_MMAP, 1, [Have the 'mmap' function.]))
Index: xsrc/external/mit/xorg-server/dist/include/dix-config.h.in
diff -u xsrc/external/mit/xorg-server/dist/include/dix-config.h.in:1.1.1.4 xsrc/external/mit/xorg-server/dist/include/dix-config.h.in:1.1.1.4.6.1
--- xsrc/external/mit/xorg-server/dist/include/dix-config.h.in:1.1.1.4 Tue Aug 2 06:57:02 2011
+++ xsrc/external/mit/xorg-server/dist/include/dix-config.h.in Wed Mar 8 14:49:58 2017
@@ -133,6 +133,9 @@
/* Build a standalone xpbproxy */
#undef STANDALONE_XPBPROXY
+/* Define to 1 if you have the `bsd' library (-lbsd). */
+#undef HAVE_LIBBSD
+
/* Define to 1 if you have the `m' library (-lm). */
#undef HAVE_LIBM
@@ -160,6 +163,9 @@
/* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
#undef HAVE_RPCSVC_DBM_H
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
/* Define to use libc SHA1 functions */
#undef HAVE_SHA1_IN_LIBC
@@ -228,6 +234,9 @@
/* Define to 1 if you have the <sys/vm86.h> header file. */
#undef HAVE_SYS_VM86_H
+/* Define to 1 if you have the `timingsafe_memcmp' function. */
+#undef HAVE_TIMINGSAFE_MEMCMP
+
/* Define to 1 if you have the <tslib.h> header file. */
#undef HAVE_TSLIB_H
Index: xsrc/external/mit/xorg-server/dist/include/os.h
diff -u xsrc/external/mit/xorg-server/dist/include/os.h:1.6 xsrc/external/mit/xorg-server/dist/include/os.h:1.6.6.1
--- xsrc/external/mit/xorg-server/dist/include/os.h:1.6 Tue Aug 2 07:15:06 2011
+++ xsrc/external/mit/xorg-server/dist/include/os.h Wed Mar 8 14:49:58 2017
@@ -495,6 +495,11 @@ extern _X_EXPORT size_t strlcpy(char *ds
extern _X_EXPORT size_t strlcat(char *dst, const char *src, size_t siz);
#endif
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+extern _X_EXPORT int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
/* Logging. */
typedef enum _LogParameter {
XLOG_FLUSH,
Index: xsrc/external/mit/xorg-server/dist/os/auth.c
diff -u xsrc/external/mit/xorg-server/dist/os/auth.c:1.1.1.3 xsrc/external/mit/xorg-server/dist/os/auth.c:1.1.1.3.6.1
--- xsrc/external/mit/xorg-server/dist/os/auth.c:1.1.1.3 Tue Nov 23 05:22:09 2010
+++ xsrc/external/mit/xorg-server/dist/os/auth.c Wed Mar 8 14:49:59 2017
@@ -45,6 +45,9 @@ from The Open Group.
#ifdef WIN32
#include <X11/Xw32defs.h>
#endif
+#ifdef HAVE_LIBBSD
+#include <bsd/stdlib.h> /* for arc4random_buf() */
+#endif
struct protocol {
unsigned short name_length;
@@ -52,7 +55,6 @@ struct protocol {
AuthAddCFunc Add; /* new authorization data */
AuthCheckFunc Check; /* verify client authorization data */
AuthRstCFunc Reset; /* delete all authorization data entries */
- AuthToIDFunc ToID; /* convert cookie to ID */
AuthFromIDFunc FromID; /* convert ID to cookie */
AuthRemCFunc Remove; /* remove a specific cookie */
#ifdef XCSECURITY
@@ -63,7 +65,7 @@ struct protocol {
static struct protocol protocols[] = {
{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
MitAddCookie, MitCheckCookie, MitResetCookie,
- MitToID, MitFromID, MitRemoveCookie,
+ MitFromID, MitRemoveCookie,
#ifdef XCSECURITY
MitGenerateCookie
#endif
@@ -71,7 +73,7 @@ static struct protocol protocols[] = {
#ifdef HASXDMAUTH
{ (unsigned short) 19, "XDM-AUTHORIZATION-1",
XdmAddCookie, XdmCheckCookie, XdmResetCookie,
- XdmToID, XdmFromID, XdmRemoveCookie,
+ XdmFromID, XdmRemoveCookie,
#ifdef XCSECURITY
NULL
#endif
@@ -80,7 +82,7 @@ static struct protocol protocols[] = {
#ifdef SECURE_RPC
{ (unsigned short) 9, "SUN-DES-1",
SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
- SecureRPCToID, SecureRPCFromID,SecureRPCRemove,
+ SecureRPCFromID,SecureRPCRemove,
#ifdef XCSECURITY
NULL
#endif
@@ -318,11 +320,15 @@ GenerateAuthorization(
void
GenerateRandomData (int len, char *buf)
{
+#ifdef HAVE_ARC4RANDOMBUF
+ arc4random_buf(buf, len);
+#else
int fd;
fd = open("/dev/urandom", O_RDONLY);
read(fd, buf, len);
close(fd);
+#endif
}
#endif /* XCSECURITY */
Index: xsrc/external/mit/xorg-server/dist/os/xdmauth.c
diff -u xsrc/external/mit/xorg-server/dist/os/xdmauth.c:1.1.1.3 xsrc/external/mit/xorg-server/dist/os/xdmauth.c:1.1.1.3.6.1
--- xsrc/external/mit/xorg-server/dist/os/xdmauth.c:1.1.1.3 Tue Nov 23 05:22:10 2010
+++ xsrc/external/mit/xorg-server/dist/os/xdmauth.c Wed Mar 8 14:49:59 2017
@@ -423,31 +423,6 @@ XdmResetCookie (void)
return 1;
}
-XID
-XdmToID (unsigned short cookie_length, char *cookie)
-{
- XdmAuthorizationPtr auth;
- XdmClientAuthPtr client;
- unsigned char *plain;
-
- plain = malloc(cookie_length);
- if (!plain)
- return (XID) -1;
- for (auth = xdmAuth; auth; auth=auth->next) {
- XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length);
- if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL)
- {
- free(client);
- free(cookie);
- free(plain);
- return auth->id;
- }
- }
- free(cookie);
- free(plain);
- return (XID) -1;
-}
-
int
XdmFromID (XID id, unsigned short *data_lenp, char **datap)
{
Index: xsrc/external/mit/xorg-server/dist/os/mitauth.c
diff -u xsrc/external/mit/xorg-server/dist/os/mitauth.c:1.1.1.2 xsrc/external/mit/xorg-server/dist/os/mitauth.c:1.1.1.2.6.1
--- xsrc/external/mit/xorg-server/dist/os/mitauth.c:1.1.1.2 Tue Nov 23 05:22:09 2010
+++ xsrc/external/mit/xorg-server/dist/os/mitauth.c Wed Mar 8 14:49:59 2017
@@ -82,7 +82,7 @@ MitCheckCookie (
for (auth = mit_auth; auth; auth=auth->next) {
if (data_length == auth->len &&
- memcmp (data, auth->data, (int) data_length) == 0)
+ timingsafe_memcmp(data, auth->data, (int) data_length) == 0)
return auth->id;
}
*reason = "Invalid MIT-MAGIC-COOKIE-1 key";
@@ -103,21 +103,6 @@ MitResetCookie (void)
return 0;
}
-XID
-MitToID (
- unsigned short data_length,
- char *data)
-{
- struct auth *auth;
-
- for (auth = mit_auth; auth; auth=auth->next) {
- if (data_length == auth->len &&
- memcmp (data, auth->data, data_length) == 0)
- return auth->id;
- }
- return (XID) -1;
-}
-
int
MitFromID (
XID id,
Index: xsrc/external/mit/xorg-server/dist/os/osdep.h
diff -u xsrc/external/mit/xorg-server/dist/os/osdep.h:1.1.1.4 xsrc/external/mit/xorg-server/dist/os/osdep.h:1.1.1.4.6.1
--- xsrc/external/mit/xorg-server/dist/os/osdep.h:1.1.1.4 Tue Aug 2 06:57:04 2011
+++ xsrc/external/mit/xorg-server/dist/os/osdep.h Wed Mar 8 14:49:59 2017
@@ -158,9 +158,6 @@ typedef int (*AuthRemCFunc) (AuthRemCArg
#define AuthRstCArgs void
typedef int (*AuthRstCFunc) (AuthRstCArgs);
-#define AuthToIDArgs unsigned short data_length, char *data
-typedef XID (*AuthToIDFunc) (AuthToIDArgs);
-
typedef void (*OsCloseFunc)(ClientPtr);
typedef int (*OsFlushFunc)(ClientPtr who, struct _osComm * oc, char* extraBuf, int extraCount);
@@ -227,7 +224,6 @@ extern void GenerateRandomData (int len,
/* in mitauth.c */
extern XID MitCheckCookie (AuthCheckArgs);
extern XID MitGenerateCookie (AuthGenCArgs);
-extern XID MitToID (AuthToIDArgs);
extern int MitAddCookie (AuthAddCArgs);
extern int MitFromID (AuthFromIDArgs);
extern int MitRemoveCookie (AuthRemCArgs);
@@ -236,7 +232,6 @@ extern int MitResetCookie (AuthRstCA
/* in xdmauth.c */
#ifdef HASXDMAUTH
extern XID XdmCheckCookie (AuthCheckArgs);
-extern XID XdmToID (AuthToIDArgs);
extern int XdmAddCookie (AuthAddCArgs);
extern int XdmFromID (AuthFromIDArgs);
extern int XdmRemoveCookie (AuthRemCArgs);
@@ -247,7 +242,6 @@ extern int XdmResetCookie (AuthRstCA
#ifdef SECURE_RPC
extern void SecureRPCInit (AuthInitArgs);
extern XID SecureRPCCheck (AuthCheckArgs);
-extern XID SecureRPCToID (AuthToIDArgs);
extern int SecureRPCAdd (AuthAddCArgs);
extern int SecureRPCFromID (AuthFromIDArgs);
extern int SecureRPCRemove (AuthRemCArgs);
Index: xsrc/external/mit/xorg-server/dist/os/rpcauth.c
diff -u xsrc/external/mit/xorg-server/dist/os/rpcauth.c:1.1.1.3.6.1 xsrc/external/mit/xorg-server/dist/os/rpcauth.c:1.1.1.3.6.2
--- xsrc/external/mit/xorg-server/dist/os/rpcauth.c:1.1.1.3.6.1 Tue Dec 9 19:46:20 2014
+++ xsrc/external/mit/xorg-server/dist/os/rpcauth.c Wed Mar 8 14:49:59 2017
@@ -177,12 +177,6 @@ SecureRPCReset (void)
return 1;
}
-_X_HIDDEN XID
-SecureRPCToID (unsigned short data_length, char *data)
-{
- return rpc_id;
-}
-
_X_HIDDEN int
SecureRPCFromID (XID id, unsigned short *data_lenp, char **datap)
{
Index: xsrc/external/mit/xorg-server/include/dix-config.h
diff -u xsrc/external/mit/xorg-server/include/dix-config.h:1.19 xsrc/external/mit/xorg-server/include/dix-config.h:1.19.6.1
--- xsrc/external/mit/xorg-server/include/dix-config.h:1.19 Tue Aug 2 22:45:52 2011
+++ xsrc/external/mit/xorg-server/include/dix-config.h Wed Mar 8 14:49:59 2017
@@ -134,6 +134,9 @@
/* Build a standalone xpbproxy */
/* #undef STANDALONE_XPBPROXY */
+/* Define to 1 if you have the `bsd' library (-lbsd). */
+/* #undef HAVE_LIBBSD */
+
/* Define to 1 if you have the `m' library (-lm). */
#define HAVE_LIBM 1
@@ -161,6 +164,9 @@
/* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
/* #undef HAVE_RPCSVC_DBM_H */
+/* Define to 1 if you have the `arc4random_buf' function. */
+#define HAVE_ARC4RANDOM_BUF 1
+
/* Define to use libc SHA1 functions */
#define HAVE_SHA1_IN_LIBC 1
@@ -229,6 +235,9 @@
/* Define to 1 if you have the <sys/vm86.h> header file. */
/* #undef HAVE_SYS_VM86_H */
+/* Define to 1 if you have the `timingsafe_memcmp' function. */
+/* #undef HAVE_TIMINGSAFE_MEMCMP */
+
/* Define to 1 if you have the <tslib.h> header file. */
/* #undef HAVE_TSLIB_H */
Index: xsrc/xfree/xc/programs/Xserver/include/os.h
diff -u xsrc/xfree/xc/programs/Xserver/include/os.h:1.5 xsrc/xfree/xc/programs/Xserver/include/os.h:1.5.20.1
--- xsrc/xfree/xc/programs/Xserver/include/os.h:1.5 Fri Mar 18 14:55:16 2005
+++ xsrc/xfree/xc/programs/Xserver/include/os.h Wed Mar 8 14:49:59 2017
@@ -532,6 +532,11 @@ extern void AbortDDX(void);
extern void ddxGiveUp(void);
extern int TimeSinceLastInputEvent(void);
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+extern int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
/* Logging. */
typedef enum _LogParameter {
XLOG_FLUSH,
Index: xsrc/xfree/xc/programs/Xserver/os/auth.c
diff -u xsrc/xfree/xc/programs/Xserver/os/auth.c:1.4 xsrc/xfree/xc/programs/Xserver/os/auth.c:1.4.32.1
--- xsrc/xfree/xc/programs/Xserver/os/auth.c:1.4 Fri Mar 5 16:33:09 2004
+++ xsrc/xfree/xc/programs/Xserver/os/auth.c Wed Mar 8 14:49:59 2017
@@ -50,6 +50,9 @@ from The Open Group.
#ifdef WIN32
#include "Xw32defs.h"
#endif
+#ifdef HAVE_LIBBSD
+#include <bsd/stdlib.h> /* for arc4random_buf() */
+#endif
struct protocol {
unsigned short name_length;
@@ -57,7 +60,6 @@ struct protocol {
AuthAddCFunc Add; /* new authorization data */
AuthCheckFunc Check; /* verify client authorization data */
AuthRstCFunc Reset; /* delete all authorization data entries */
- AuthToIDFunc ToID; /* convert cookie to ID */
AuthFromIDFunc FromID; /* convert ID to cookie */
AuthRemCFunc Remove; /* remove a specific cookie */
#ifdef XCSECURITY
@@ -68,7 +70,7 @@ struct protocol {
static struct protocol protocols[] = {
{ (unsigned short) 18, "MIT-MAGIC-COOKIE-1",
MitAddCookie, MitCheckCookie, MitResetCookie,
- MitToID, MitFromID, MitRemoveCookie,
+ MitFromID, MitRemoveCookie,
#ifdef XCSECURITY
MitGenerateCookie
#endif
@@ -76,7 +78,7 @@ static struct protocol protocols[] = {
#ifdef HASXDMAUTH
{ (unsigned short) 19, "XDM-AUTHORIZATION-1",
XdmAddCookie, XdmCheckCookie, XdmResetCookie,
- XdmToID, XdmFromID, XdmRemoveCookie,
+ XdmFromID, XdmRemoveCookie,
#ifdef XCSECURITY
NULL
#endif
@@ -85,7 +87,7 @@ static struct protocol protocols[] = {
#ifdef SECURE_RPC
{ (unsigned short) 9, "SUN-DES-1",
SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
- SecureRPCToID, SecureRPCFromID,SecureRPCRemove,
+ SecureRPCFromID,SecureRPCRemove,
#ifdef XCSECURITY
NULL
#endif
@@ -94,7 +96,7 @@ static struct protocol protocols[] = {
#ifdef K5AUTH
{ (unsigned short) 14, "MIT-KERBEROS-5",
K5Add, K5Check, K5Reset,
- K5ToID, K5FromID, K5Remove,
+ K5FromID, K5Remove,
#ifdef XCSECURITY
NULL
#endif
@@ -104,7 +106,7 @@ static struct protocol protocols[] = {
{ (unsigned short) XSecurityAuthorizationNameLen,
XSecurityAuthorizationName,
NULL, AuthSecurityCheck, NULL,
- NULL, NULL, NULL,
+ NULL, NULL,
NULL
},
#endif
@@ -254,26 +256,6 @@ ResetAuthorization (void)
ShouldLoadAuth = TRUE;
}
-XID
-AuthorizationToID (
- unsigned short name_length,
- char *name,
- unsigned short data_length,
- char *data)
-{
- int i;
-
- for (i = 0; i < NUM_AUTHORIZATION; i++) {
- if (protocols[i].name_length == name_length &&
- memcmp (protocols[i].name, name, (int) name_length) == 0 &&
- protocols[i].ToID)
- {
- return (*protocols[i].ToID) (data_length, data);
- }
- }
- return (XID) ~0L;
-}
-
int
AuthorizationFromID (
XID id,
Index: xsrc/xfree/xc/programs/Xserver/os/mitauth.c
diff -u xsrc/xfree/xc/programs/Xserver/os/mitauth.c:1.1.1.4 xsrc/xfree/xc/programs/Xserver/os/mitauth.c:1.1.1.4.34.1
--- xsrc/xfree/xc/programs/Xserver/os/mitauth.c:1.1.1.4 Sat Jan 19 15:14:27 2002
+++ xsrc/xfree/xc/programs/Xserver/os/mitauth.c Wed Mar 8 14:49:59 2017
@@ -80,7 +80,7 @@ MitCheckCookie (
for (auth = mit_auth; auth; auth=auth->next) {
if (data_length == auth->len &&
- memcmp (data, auth->data, (int) data_length) == 0)
+ timingsafe_memcmp(data, auth->data, (int) data_length) == 0)
return auth->id;
}
*reason = "Invalid MIT-MAGIC-COOKIE-1 key";
@@ -101,21 +101,6 @@ MitResetCookie (void)
return 0;
}
-XID
-MitToID (
- unsigned short data_length,
- char *data)
-{
- struct auth *auth;
-
- for (auth = mit_auth; auth; auth=auth->next) {
- if (data_length == auth->len &&
- memcmp (data, auth->data, data_length) == 0)
- return auth->id;
- }
- return (XID) -1;
-}
-
int
MitFromID (
XID id,
Index: xsrc/xfree/xc/programs/Xserver/os/osdep.h
diff -u xsrc/xfree/xc/programs/Xserver/os/osdep.h:1.1.1.7 xsrc/xfree/xc/programs/Xserver/os/osdep.h:1.1.1.7.20.1
--- xsrc/xfree/xc/programs/Xserver/os/osdep.h:1.1.1.7 Fri Mar 18 13:13:14 2005
+++ xsrc/xfree/xc/programs/Xserver/os/osdep.h Wed Mar 8 14:49:59 2017
@@ -181,9 +181,6 @@ typedef int (*AuthRemCFunc) (AuthRemCArg
#define AuthRstCArgs void
typedef int (*AuthRstCFunc) (AuthRstCArgs);
-#define AuthToIDArgs unsigned short data_length, char *data
-typedef XID (*AuthToIDFunc) (AuthToIDArgs);
-
typedef void (*OsCloseFunc)(ClientPtr);
typedef int (*OsFlushFunc)(ClientPtr who, struct _osComm * oc, char* extraBuf, int extraCount);
@@ -269,7 +266,6 @@ extern void GenerateRandomData (int len,
/* in mitauth.c */
extern XID MitCheckCookie (AuthCheckArgs);
extern XID MitGenerateCookie (AuthGenCArgs);
-extern XID MitToID (AuthToIDArgs);
extern int MitAddCookie (AuthAddCArgs);
extern int MitFromID (AuthFromIDArgs);
extern int MitRemoveCookie (AuthRemCArgs);
@@ -278,7 +274,6 @@ extern int MitResetCookie (AuthRstCA
/* in xdmauth.c */
#ifdef HASXDMAUTH
extern XID XdmCheckCookie (AuthCheckArgs);
-extern XID XdmToID (AuthToIDArgs);
extern int XdmAddCookie (AuthAddCArgs);
extern int XdmFromID (AuthFromIDArgs);
extern int XdmRemoveCookie (AuthRemCArgs);
@@ -289,7 +284,6 @@ extern int XdmResetCookie (AuthRstCA
#ifdef SECURE_RPC
extern void SecureRPCInit (AuthInitArgs);
extern XID SecureRPCCheck (AuthCheckArgs);
-extern XID SecureRPCToID (AuthToIDArgs);
extern int SecureRPCAdd (AuthAddCArgs);
extern int SecureRPCFromID (AuthFromIDArgs);
extern int SecureRPCRemove (AuthRemCArgs);
Index: xsrc/xfree/xc/programs/Xserver/os/rpcauth.c
diff -u xsrc/xfree/xc/programs/Xserver/os/rpcauth.c:1.1.1.5.32.1 xsrc/xfree/xc/programs/Xserver/os/rpcauth.c:1.1.1.5.32.2
--- xsrc/xfree/xc/programs/Xserver/os/rpcauth.c:1.1.1.5.32.1 Fri Dec 12 07:19:56 2014
+++ xsrc/xfree/xc/programs/Xserver/os/rpcauth.c Wed Mar 8 14:49:59 2017
@@ -184,12 +184,6 @@ SecureRPCReset (void)
return 1;
}
-XID
-SecureRPCToID (unsigned short data_length, char *data)
-{
- return rpc_id;
-}
-
int
SecureRPCFromID (XID id, unsigned short *data_lenp, char **datap)
{
Index: xsrc/xfree/xc/programs/Xserver/os/xdmauth.c
diff -u xsrc/xfree/xc/programs/Xserver/os/xdmauth.c:1.1.1.6 xsrc/xfree/xc/programs/Xserver/os/xdmauth.c:1.1.1.6.20.1
--- xsrc/xfree/xc/programs/Xserver/os/xdmauth.c:1.1.1.6 Fri Mar 18 13:13:14 2005
+++ xsrc/xfree/xc/programs/Xserver/os/xdmauth.c Wed Mar 8 14:49:59 2017
@@ -422,32 +422,6 @@ XdmResetCookie (void)
return 1;
}
-XID
-XdmToID (unsigned short cookie_length, char *cookie)
-{
- XdmAuthorizationPtr auth;
- XdmClientAuthPtr client;
- unsigned char *plain;
-
- plain = (unsigned char *) xalloc (cookie_length);
- if (!plain)
- return (XID) -1;
- for (auth = xdmAuth; auth; auth=auth->next) {
- XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key,
- plain, cookie_length);
- client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho,
- NULL, NULL);
- if (client != NULL)
- {
- xfree (client);
- xfree (cookie);
- return auth->id;
- }
- }
- xfree (cookie);
- return (XID) -1;
-}
-
int
XdmFromID (XID id, unsigned short *data_lenp, char **datap)
{
Added files:
Index: xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c
diff -u /dev/null xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c:1.1.8.2
--- /dev/null Wed Mar 8 14:49:59 2017
+++ xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c Wed Mar 8 14:49:59 2017
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <X11/Xfuncproto.h>
+#include <dix-config.h>
+#include "os.h"
+
+int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
+{
+ const unsigned char *p1 = b1, *p2 = b2;
+ size_t i;
+ int res = 0, done = 0;
+
+ for (i = 0; i < len; i++) {
+ /* lt is -1 if p1[i] < p2[i]; else 0. */
+ int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+ /* gt is -1 if p1[i] > p2[i]; else 0. */
+ int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+ /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+ int cmp = lt - gt;
+
+ /* set res = cmp if !done. */
+ res |= cmp & ~done;
+
+ /* set done if p1[i] != p2[i]. */
+ done |= lt | gt;
+ }
+
+ return (res);
+}
Index: xsrc/xfree/xc/programs/Xserver/os/timingsafe_memcmp.c
diff -u /dev/null xsrc/xfree/xc/programs/Xserver/os/timingsafe_memcmp.c:1.1.8.2
--- /dev/null Wed Mar 8 14:49:59 2017
+++ xsrc/xfree/xc/programs/Xserver/os/timingsafe_memcmp.c Wed Mar 8 14:49:59 2017
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <X11/Xfuncproto.h>
+#include "os.h"
+
+int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
+{
+ const unsigned char *p1 = b1, *p2 = b2;
+ size_t i;
+ int res = 0, done = 0;
+
+ for (i = 0; i < len; i++) {
+ /* lt is -1 if p1[i] < p2[i]; else 0. */
+ int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+ /* gt is -1 if p1[i] > p2[i]; else 0. */
+ int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+ /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+ int cmp = lt - gt;
+
+ /* set res = cmp if !done. */
+ res |= cmp & ~done;
+
+ /* set done if p1[i] != p2[i]. */
+ done |= lt | gt;
+ }
+
+ return (res);
+}
