Running “xauth generate $DISPLAY . timeout 99999999” crashes the xserver. This patch checks the maximum value of the timeout and bails if requested time is too large.
This patch was authored and proposed to the mailing list in 2010 by Arvind Umrao. There was some discussion but no resolution, and the patch was not picked up. We have carried the patch in Ubuntu since Jun 2010 as it was confirmed to fix the reported issue. ref: http://lists.x.org/archives/xorg-devel/2010-April/006992.html Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=27134 Signed-off-by: Bryce Harrington <[email protected]> --- Xext/security.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Xext/security.c b/Xext/security.c index 6cc9aa0..97e7ef3 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -260,9 +260,9 @@ SecurityComputeAuthorizationTimeout(SecurityAuthorizationPtr pAuth, /* maxSecs is the number of full seconds that can be expressed in * 32 bits worth of milliseconds */ - CARD32 maxSecs = (CARD32) (~0) / (CARD32) MILLI_PER_SECOND; + CARD32 maxSecs = (CARD32) (MAXINT) / (CARD32) MILLI_PER_SECOND; - if (seconds > maxSecs) { /* only come here if we want to wait more than 49 days */ + if (seconds > maxSecs) { /* only come here if we want to wait more than 24 days */ pAuth->secondsRemaining = seconds - maxSecs; return maxSecs * MILLI_PER_SECOND; } @@ -296,8 +296,6 @@ SecurityAuthorizationExpired(OsTimerPtr timer, CARD32 time, pointer pval) { SecurityAuthorizationPtr pAuth = (SecurityAuthorizationPtr) pval; - assert(pAuth->timer == timer); - if (pAuth->secondsRemaining) { return SecurityComputeAuthorizationTimeout(pAuth, pAuth->secondsRemaining); -- 1.7.9.5 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
