mirror of
https://git.FreeBSD.org/ports.git
synced 2024-10-30 21:49:25 +00:00
559 lines
17 KiB
Plaintext
559 lines
17 KiB
Plaintext
diff -u lib/ICE/ICElibint.h:1.1 X11/xc/lib/ICE/ICElibint.h:1.2
|
||
--- lib/ICE/ICElibint.h:1.1 Fri Sep 5 02:58:32 1997
|
||
+++ lib/ICE/ICElibint.h Mon Jul 10 15:17:09 2000
|
||
@@ -288,20 +288,21 @@
|
||
}
|
||
|
||
|
||
-#define SKIP_STRING(_pBuf, _swap) \
|
||
+#define SKIP_STRING(_pBuf, _swap, _end, _bail) \
|
||
{ \
|
||
CARD16 _len; \
|
||
EXTRACT_CARD16 (_pBuf, _swap, _len); \
|
||
- _pBuf += _len; \
|
||
- if (PAD32 (2 + _len)) \
|
||
- _pBuf += PAD32 (2 + _len); \
|
||
-}
|
||
+ _pBuf += _len + PAD32(2+_len); \
|
||
+ if (_pBuf > _end) { \
|
||
+ _bail; \
|
||
+ } \
|
||
+}
|
||
|
||
-#define SKIP_LISTOF_STRING(_pBuf, _swap, _count) \
|
||
+#define SKIP_LISTOF_STRING(_pBuf, _swap, _count, _end, _bail) \
|
||
{ \
|
||
int _i; \
|
||
for (_i = 0; _i < _count; _i++) \
|
||
- SKIP_STRING (_pBuf, _swap); \
|
||
+ SKIP_STRING (_pBuf, _swap, _end, _bail); \
|
||
}
|
||
|
||
|
||
Index: lib/ICE/process.c
|
||
diff -u lib/ICE/process.c:1.1 X11/xc/lib/ICE/process.c:1.2
|
||
--- lib/ICE/process.c:1.1 Fri Sep 5 02:58:32 1997
|
||
+++ lib/ICE/process.c Mon Jul 10 15:17:10 2000
|
||
@@ -63,7 +63,11 @@
|
||
return (0); \
|
||
}
|
||
|
||
-
|
||
+#define BAIL_STRING(_iceConn, _opcode, _pStart) {\
|
||
+ _IceErrorBadLength (_iceConn, 0, _opcode, IceFatalToConnection);\
|
||
+ IceDisposeCompleteMessage (_iceConn, _pStart);\
|
||
+ return (0);\
|
||
+}
|
||
|
||
/*
|
||
* IceProcessMessages:
|
||
@@ -819,7 +823,7 @@
|
||
int myAuthCount, hisAuthCount;
|
||
int found, i, j;
|
||
char *myAuthName, **hisAuthNames;
|
||
- char *pData, *pStart;
|
||
+ char *pData, *pStart, *pEnd;
|
||
char *vendor = NULL;
|
||
char *release = NULL;
|
||
int myAuthIndex = 0;
|
||
@@ -843,10 +847,18 @@
|
||
}
|
||
|
||
pData = pStart;
|
||
-
|
||
- SKIP_STRING (pData, swap); /* vendor */
|
||
- SKIP_STRING (pData, swap); /* release */
|
||
- SKIP_LISTOF_STRING (pData, swap, (int) message->authCount);/* auth names */
|
||
+ pEnd = pStart + (length << 3);
|
||
+
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ConnectionSetup,
|
||
+ pStart)); /* vendor */
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ConnectionSetup,
|
||
+ pStart)); /* release */
|
||
+ SKIP_LISTOF_STRING (pData, swap, (int) message->authCount, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ConnectionSetup,
|
||
+ pStart)); /* auth names */
|
||
+
|
||
pData += (message->versionCount * 4); /* versions */
|
||
|
||
CHECK_COMPLETE_SIZE (iceConn, ICE_ConnectionSetup,
|
||
@@ -1685,7 +1697,7 @@
|
||
|
||
{
|
||
iceConnectionReplyMsg *message;
|
||
- char *pData, *pStart;
|
||
+ char *pData, *pStart, *pEnd;
|
||
Bool replyReady;
|
||
|
||
CHECK_AT_LEAST_SIZE (iceConn, ICE_ConnectionReply,
|
||
@@ -1701,9 +1713,14 @@
|
||
}
|
||
|
||
pData = pStart;
|
||
+ pEnd = pStart + (length << 3);
|
||
|
||
- SKIP_STRING (pData, swap); /* vendor */
|
||
- SKIP_STRING (pData, swap); /* release */
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING (iceConn, ICE_ConnectionReply,
|
||
+ pStart)); /* vendor */
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING (iceConn, ICE_ConnectionReply,
|
||
+ pStart)); /* release */
|
||
|
||
CHECK_COMPLETE_SIZE (iceConn, ICE_ConnectionReply,
|
||
length, pData - pStart + SIZEOF (iceConnectionReplyMsg),
|
||
@@ -1789,7 +1806,7 @@
|
||
int found, i, j;
|
||
char *myAuthName, **hisAuthNames;
|
||
char *protocolName;
|
||
- char *pData, *pStart;
|
||
+ char *pData, *pStart, *pEnd;
|
||
char *vendor = NULL;
|
||
char *release = NULL;
|
||
int accept_setup_now = 0;
|
||
@@ -1824,11 +1841,20 @@
|
||
}
|
||
|
||
pData = pStart;
|
||
+ pEnd = pStart + (length << 3);
|
||
|
||
- SKIP_STRING (pData, swap); /* proto name */
|
||
- SKIP_STRING (pData, swap); /* vendor */
|
||
- SKIP_STRING (pData, swap); /* release */
|
||
- SKIP_LISTOF_STRING (pData, swap, (int) message->authCount);/* auth names */
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ProtocolSetup,
|
||
+ pStart)); /* proto name */
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ProtocolSetup,
|
||
+ pStart)); /* vendor */
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ProtocolSetup,
|
||
+ pStart)); /* release */
|
||
+ SKIP_LISTOF_STRING (pData, swap, (int) message->authCount, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ProtocolSetup,
|
||
+ pStart)); /* auth names */
|
||
pData += (message->versionCount * 4); /* versions */
|
||
|
||
CHECK_COMPLETE_SIZE (iceConn, ICE_ProtocolSetup,
|
||
@@ -2170,7 +2196,7 @@
|
||
|
||
{
|
||
iceProtocolReplyMsg *message;
|
||
- char *pData, *pStart;
|
||
+ char *pData, *pStart, *pEnd;
|
||
Bool replyReady;
|
||
|
||
CHECK_AT_LEAST_SIZE (iceConn, ICE_ProtocolReply,
|
||
@@ -2186,9 +2212,14 @@
|
||
}
|
||
|
||
pData = pStart;
|
||
+ pEnd = pStart + (length << 3);
|
||
|
||
- SKIP_STRING (pData, swap); /* vendor */
|
||
- SKIP_STRING (pData, swap); /* release */
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ProtocolReply,
|
||
+ pStart)); /* vendor */
|
||
+ SKIP_STRING (pData, swap, pEnd,
|
||
+ BAIL_STRING(iceConn, ICE_ProtocolReply,
|
||
+ pStart)); /* release */
|
||
|
||
CHECK_COMPLETE_SIZE (iceConn, ICE_ProtocolReply,
|
||
length, pData - pStart + SIZEOF (iceProtocolReplyMsg),
|
||
Index: lib/X11/GetProp.c
|
||
diff -u lib/X11/GetProp.c:1.1 X11/xc/lib/X11/GetProp.c:1.2
|
||
--- lib/X11/GetProp.c:1.1 Fri Sep 5 02:58:44 1997
|
||
+++ lib/X11/GetProp.c Mon Jul 10 15:20:35 2000
|
||
@@ -76,21 +76,24 @@
|
||
*/
|
||
case 8:
|
||
nbytes = netbytes = reply.nItems;
|
||
- if (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1))
|
||
+ if (nbytes + 1 > 0 &&
|
||
+ (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1)))
|
||
_XReadPad (dpy, (char *) *prop, netbytes);
|
||
break;
|
||
|
||
case 16:
|
||
nbytes = reply.nItems * sizeof (short);
|
||
netbytes = reply.nItems << 1;
|
||
- if (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1))
|
||
+ if (nbytes + 1 > 0 &&
|
||
+ (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1)))
|
||
_XRead16Pad (dpy, (short *) *prop, netbytes);
|
||
break;
|
||
|
||
case 32:
|
||
nbytes = reply.nItems * sizeof (long);
|
||
netbytes = reply.nItems << 2;
|
||
- if (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1))
|
||
+ if (nbytes + 1 > 0 &&
|
||
+ (*prop = (unsigned char *) Xmalloc ((unsigned)nbytes + 1)))
|
||
_XRead32 (dpy, (long *) *prop, netbytes);
|
||
break;
|
||
|
||
Index: lib/X11/OpenDis.c
|
||
diff -u lib/X11/OpenDis.c:1.1 X11/xc/lib/X11/OpenDis.c:1.2
|
||
--- lib/X11/OpenDis.c:1.1 Fri Sep 5 02:58:48 1997
|
||
+++ lib/X11/OpenDis.c Mon Jul 10 15:20:35 2000
|
||
@@ -371,6 +371,14 @@
|
||
dpy->max_request_size = u.setup->maxRequestSize;
|
||
mask = dpy->resource_mask;
|
||
dpy->resource_shift = 0;
|
||
+ if (!mask)
|
||
+ {
|
||
+ fprintf (stderr, "Xlib: connection to \"%s\" invalid setup\n",
|
||
+ fullname);
|
||
+ OutOfMemory(dpy, setup);
|
||
+ return (NULL);
|
||
+ }
|
||
+
|
||
while (!(mask & 1)) {
|
||
dpy->resource_shift++;
|
||
mask = mask >> 1;
|
||
@@ -390,6 +398,13 @@
|
||
(void) strncpy(dpy->vendor, u.vendor, vendorlen);
|
||
dpy->vendor[vendorlen] = '\0';
|
||
vendorlen = (vendorlen + 3) & ~3; /* round up */
|
||
+/*
|
||
+ * validate setup length
|
||
+ */
|
||
+ if ((int) setuplength - sz_xConnSetup - vendorlen < 0) {
|
||
+ OutOfMemory(dpy, setup);
|
||
+ return (NULL);
|
||
+ }
|
||
memmove (setup, u.vendor + vendorlen,
|
||
(int) setuplength - sz_xConnSetup - vendorlen);
|
||
u.vendor = setup;
|
||
@@ -568,6 +583,8 @@
|
||
|
||
if (_XReply (dpy, (xReply *) &reply, 0, xFalse)) {
|
||
if (reply.format == 8 && reply.propertyType == XA_STRING &&
|
||
+ (reply.nItems + 1 > 0) &&
|
||
+ (reply.nItems <= req->longLength * 4) &&
|
||
(dpy->xdefaults = Xmalloc (reply.nItems + 1))) {
|
||
_XReadPad (dpy, dpy->xdefaults, reply.nItems);
|
||
dpy->xdefaults[reply.nItems] = '\0';
|
||
Index: lib/X11/XlibInt.c
|
||
diff -u lib/X11/XlibInt.c:1.3 X11/xc/lib/X11/XlibInt.c:1.4
|
||
--- lib/X11/XlibInt.c:1.3 Tue Aug 24 12:11:19 1999
|
||
+++ lib/X11/XlibInt.c Mon Jul 10 15:20:35 2000
|
||
@@ -38,6 +38,8 @@
|
||
#define NEED_EVENTS
|
||
#define NEED_REPLIES
|
||
|
||
+#define GENERIC_LENGTH_LIMIT (1 << 29)
|
||
+
|
||
#include "Xlibint.h"
|
||
#include <X11/Xpoll.h>
|
||
#include <X11/Xtrans.h>
|
||
@@ -1689,6 +1691,17 @@
|
||
!= (char *)rep)
|
||
continue;
|
||
}
|
||
+ /*
|
||
+ * Don't accept ridiculously large values for
|
||
+ * generic.length; doing so could cause stack-scribbling
|
||
+ * problems elsewhere.
|
||
+ */
|
||
+ if (rep->generic.length > GENERIC_LENGTH_LIMIT) {
|
||
+ rep->generic.length = GENERIC_LENGTH_LIMIT;
|
||
+ (void) fprintf(stderr,
|
||
+ "Xlib: suspiciously long reply length %d set to %d",
|
||
+ rep->generic.length, GENERIC_LENGTH_LIMIT);
|
||
+ }
|
||
if (extra <= rep->generic.length) {
|
||
if (extra > 0)
|
||
/*
|
||
@@ -1827,6 +1840,13 @@
|
||
#endif
|
||
if (len > *lenp)
|
||
_XEatData(dpy, len - *lenp);
|
||
+ }
|
||
+ if (len < SIZEOF(xReply))
|
||
+ {
|
||
+ _XIOError (dpy);
|
||
+ buf += *lenp;
|
||
+ *lenp = 0;
|
||
+ return buf;
|
||
}
|
||
if (len >= *lenp) {
|
||
buf += *lenp;
|
||
Index: programs/Xserver/os/secauth.c
|
||
diff -u programs/Xserver/os/secauth.c:1.1 X11/xc/programs/Xserver/os/secauth.c:1.3
|
||
--- programs/Xserver/os/secauth.c:1.1 Fri Sep 5 03:15:14 1997
|
||
+++ programs/Xserver/os/secauth.c Mon Jul 10 15:23:26 2000
|
||
@@ -47,7 +47,7 @@
|
||
ClientPtr client;
|
||
char **reason;
|
||
{
|
||
- char *policy = *dataP;
|
||
+ CARD8 *policy = *(CARD8 **)dataP;
|
||
int length;
|
||
Bool permit;
|
||
int nPolicies;
|
||
@@ -61,13 +61,13 @@
|
||
}
|
||
|
||
permit = (*policy++ == 0);
|
||
- nPolicies = *policy++;
|
||
+ nPolicies = (CARD8) *policy++;
|
||
|
||
length -= 2;
|
||
|
||
sitePolicies = SecurityGetSitePolicyStrings(&nSitePolicies);
|
||
|
||
- while (nPolicies) {
|
||
+ while (nPolicies > 0) {
|
||
int strLen, sitePolicy;
|
||
|
||
if (length == 0) {
|
||
@@ -75,7 +75,7 @@
|
||
return FALSE;
|
||
}
|
||
|
||
- strLen = *policy++;
|
||
+ strLen = (CARD8) *policy++;
|
||
if (--length < strLen) {
|
||
*reason = InvalidPolicyReason;
|
||
return FALSE;
|
||
@@ -87,7 +87,7 @@
|
||
{
|
||
char *testPolicy = sitePolicies[sitePolicy];
|
||
if ((strLen == strlen(testPolicy)) &&
|
||
- (strncmp(policy, testPolicy, strLen) == 0))
|
||
+ (strncmp((char *)policy, testPolicy, strLen) == 0))
|
||
{
|
||
found = TRUE; /* need to continue parsing the policy... */
|
||
break;
|
||
@@ -107,7 +107,7 @@
|
||
}
|
||
|
||
*data_lengthP = length;
|
||
- *dataP = policy;
|
||
+ *dataP = (char *)policy;
|
||
return TRUE;
|
||
}
|
||
|
||
Index: programs/Xserver/os/xdmcp.c
|
||
diff -u programs/Xserver/os/xdmcp.c:1.1.1.2 X11/xc/programs/Xserver/os/xdmcp.c:1.2
|
||
--- programs/Xserver/os/xdmcp.c:1.1.1.2 Fri Jan 8 10:56:48 1999
|
||
+++ programs/Xserver/os/xdmcp.c Mon Jul 10 15:26:07 2000
|
||
@@ -1,5 +1,5 @@
|
||
/* $XConsortium: xdmcp.c /main/34 1996/12/02 10:23:29 lehors $ */
|
||
-/* $XFree86: xc/programs/Xserver/os/xdmcp.c,v 3.9.2.1 1998/12/18 11:56:34 dawes Exp $ */
|
||
+/* $XFree86: xc/programs/Xserver/os/xdmcp.c,v 3.9.2.2 2000/02/08 20:32:12 dawes Exp $ */
|
||
/*
|
||
* Copyright 1989 Network Computing Devices, Inc., Mountain View, California.
|
||
*
|
||
@@ -290,7 +290,10 @@
|
||
return (i + 1);
|
||
}
|
||
if (strcmp(argv[i], "-port") == 0) {
|
||
- ++i;
|
||
+ if (++i == argc) {
|
||
+ ErrorF("Xserver: missing port number in command line\n");
|
||
+ exit(1);
|
||
+ }
|
||
xdm_udp_port = atoi(argv[i]);
|
||
return (i + 1);
|
||
}
|
||
@@ -300,18 +303,28 @@
|
||
}
|
||
if (strcmp(argv[i], "-class") == 0) {
|
||
++i;
|
||
+ if (++i == argc) {
|
||
+ ErrorF("Xserver: missing class name in command line\n");
|
||
+ exit(1);
|
||
+ }
|
||
defaultDisplayClass = argv[i];
|
||
return (i + 1);
|
||
}
|
||
#ifdef HASXDMAUTH
|
||
if (strcmp(argv[i], "-cookie") == 0) {
|
||
- ++i;
|
||
+ if (++i == argc) {
|
||
+ ErrorF("Xserver: missing cookie data in command line\n");
|
||
+ exit(1);
|
||
+ }
|
||
xdmAuthCookie = argv[i];
|
||
return (i + 1);
|
||
}
|
||
#endif
|
||
if (strcmp(argv[i], "-displayID") == 0) {
|
||
- ++i;
|
||
+ if (++i == argc) {
|
||
+ ErrorF("Xserver: missing displayID in command line\n");
|
||
+ exit(1);
|
||
+ }
|
||
XdmcpRegisterManufacturerDisplayID (argv[i], strlen (argv[i]));
|
||
return (i + 1);
|
||
}
|
||
Index: programs/Xserver/xkb/ddxLoad.c
|
||
diff -u programs/Xserver/xkb/ddxLoad.c:1.1.1.3 X11/xc/programs/Xserver/xkb/ddxLoad.c:1.2
|
||
--- programs/Xserver/xkb/ddxLoad.c:1.1.1.3 Sat Nov 28 01:49:13 1998
|
||
+++ programs/Xserver/xkb/ddxLoad.c Mon Jul 10 15:28:10 2000
|
||
@@ -24,7 +24,7 @@
|
||
THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||
|
||
********************************************************/
|
||
-/* $XFree86: xc/programs/Xserver/xkb/ddxLoad.c,v 3.19.2.3 1998/09/27 12:59:29 hohndel Exp $ */
|
||
+/* $XFree86: xc/programs/Xserver/xkb/ddxLoad.c,v 3.19.2.4 2000/06/15 23:24:07 dawes Exp $ */
|
||
|
||
#include <stdio.h>
|
||
#include <ctype.h>
|
||
@@ -139,10 +139,8 @@
|
||
+strlen(file)+strlen(xkm_output_dir)
|
||
+strlen(outFile)+53 > PATH_MAX)
|
||
{
|
||
-#ifdef DEBUG
|
||
ErrorF("compiler command for keymap (%s) exceeds max length\n",
|
||
names->keymap);
|
||
-#endif
|
||
return False;
|
||
}
|
||
#ifndef __EMX__
|
||
@@ -169,10 +167,8 @@
|
||
+strlen(file)+strlen(xkm_output_dir)
|
||
+strlen(outFile)+49 > PATH_MAX)
|
||
{
|
||
-#ifdef DEBUG
|
||
ErrorF("compiler command for keymap (%s) exceeds max length\n",
|
||
names->keymap);
|
||
-#endif
|
||
return False;
|
||
}
|
||
sprintf(cmd,"xkbcomp -w %d -xkm %s%s -em1 %s -emp %s -eml %s keymap/%s %s%s.xkm",
|
||
@@ -236,6 +232,10 @@
|
||
sprintf(keymap,"server-%s",display);
|
||
}
|
||
else {
|
||
+ if (strlen(names->keymap) > PATH_MAX - 1) {
|
||
+ ErrorF("name of keymap (%s) exceeds max length\n", names->keymap);
|
||
+ return False;
|
||
+ }
|
||
strcpy(keymap,names->keymap);
|
||
}
|
||
|
||
@@ -254,10 +254,8 @@
|
||
+strlen(POST_ERROR_MSG1)+strlen(xkm_output_dir)
|
||
+strlen(keymap)+48 > PATH_MAX)
|
||
{
|
||
-#ifdef DEBUG
|
||
ErrorF("compiler command for keymap (%s) exceeds max length\n",
|
||
names->keymap);
|
||
-#endif
|
||
return False;
|
||
}
|
||
#ifndef WIN32
|
||
@@ -294,10 +292,8 @@
|
||
+strlen(ERROR_PREFIX)+strlen(POST_ERROR_MSG1)
|
||
+strlen(xkm_output_dir)+strlen(keymap)+44 > PATH_MAX)
|
||
{
|
||
-#ifdef DEBUG
|
||
ErrorF("compiler command for keymap (%s) exceeds max length\n",
|
||
names->keymap);
|
||
-#endif
|
||
return False;
|
||
}
|
||
#ifndef WIN32
|
||
Index: programs/Xserver/xkb/xkbInit.c
|
||
diff -u programs/Xserver/xkb/xkbInit.c:1.1.1.2 X11/xc/programs/Xserver/xkb/xkbInit.c:1.3
|
||
--- programs/Xserver/xkb/xkbInit.c:1.1.1.2 Sat Mar 7 09:21:55 1998
|
||
+++ programs/Xserver/xkb/xkbInit.c Mon Jul 10 15:28:10 2000
|
||
@@ -24,7 +24,7 @@
|
||
THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||
|
||
********************************************************/
|
||
-/* $XFree86: xc/programs/Xserver/xkb/xkbInit.c,v 3.12.2.2 1998/02/24 13:20:07 dawes Exp $ */
|
||
+/* $XFree86: xc/programs/Xserver/xkb/xkbInit.c,v 3.12.2.3 2000/06/15 21:58:34 dawes Exp $ */
|
||
|
||
#include <stdio.h>
|
||
#include <stdlib.h>
|
||
@@ -915,8 +915,13 @@
|
||
#endif
|
||
else if (strncmp(argv[i], "-xkbmap", 7) == 0) {
|
||
if(++i < argc) {
|
||
- XkbInitialMap= argv[i];
|
||
- return 2;
|
||
+ if (strlen(argv[i]) < PATH_MAX) {
|
||
+ XkbInitialMap= argv[i];
|
||
+ return 2;
|
||
+ } else {
|
||
+ ErrorF("-xkbmap pathname too long\n");
|
||
+ return -1;
|
||
+ }
|
||
}
|
||
else {
|
||
return -1;
|
||
@@ -924,8 +929,13 @@
|
||
}
|
||
else if (strncmp(argv[i], "-xkbdb", 7) == 0) {
|
||
if(++i < argc) {
|
||
- XkbDB= argv[i];
|
||
- return 2;
|
||
+ if (strlen(argv[i]) < PATH_MAX) {
|
||
+ XkbDB= argv[i];
|
||
+ return 2;
|
||
+ } else {
|
||
+ ErrorF("-xkbdb pathname too long\n");
|
||
+ return -1;
|
||
+ }
|
||
}
|
||
else {
|
||
return -1;
|
||
Index: programs/xfs/os/waitfor.c
|
||
diff -u programs/xfs/os/waitfor.c:1.1 X11/xc/programs/xfs/os/waitfor.c:1.2
|
||
--- programs/xfs/os/waitfor.c:1.1 Fri Sep 5 03:16:07 1997
|
||
+++ programs/xfs/os/waitfor.c Mon Jul 10 15:32:38 2000
|
||
@@ -1,5 +1,5 @@
|
||
/* $XConsortium: waitfor.c /main/15 1996/08/30 14:22:34 kaleb $ */
|
||
-/* $XFree86: xc/programs/xfs/os/waitfor.c,v 3.5 1997/01/18 07:02:48 dawes Exp $ */
|
||
+/* $XFree86: xc/programs/xfs/os/waitfor.c,v 3.5.2.1 2000/06/15 21:58:35 dawes Exp $ */
|
||
/*
|
||
* waits for input
|
||
*/
|
||
@@ -212,7 +212,7 @@
|
||
while (clientsReadable.fds_bits[i]) {
|
||
curclient = ffs(clientsReadable.fds_bits[i]) - 1;
|
||
conn = ConnectionTranslation[curclient + (i << 5)];
|
||
- FD_CLR (curclient, &clientsReadable);
|
||
+ clientsReadable.fds_bits[i] &= ~(((fd_mask)1L) << curclient);
|
||
client = clients[conn];
|
||
if (!client)
|
||
continue;
|
||
--- programs/xauth/process.c.orig Fri Jul 23 15:50:50 1999
|
||
+++ programs/xauth/process.c Mon Sep 25 20:48:02 2000
|
||
@@ -769,21 +769,18 @@
|
||
static int write_auth_file (tmp_nam)
|
||
char *tmp_nam;
|
||
{
|
||
- FILE *fp;
|
||
+ FILE *fp = NULL;
|
||
AuthList *list;
|
||
-
|
||
+ int fd;
|
||
/*
|
||
* xdm and auth spec assumes auth file is 12 or fewer characters
|
||
*/
|
||
strcpy (tmp_nam, xauth_filename);
|
||
strcat (tmp_nam, "-n"); /* for new */
|
||
(void) unlink (tmp_nam);
|
||
- fp = fopen (tmp_nam, "wb"); /* umask is still set to 0077 */
|
||
- if (!fp) {
|
||
- fprintf (stderr, "%s: unable to open tmp file \"%s\"\n",
|
||
- ProgramName, tmp_nam);
|
||
- return -1;
|
||
- }
|
||
+ /* CPhipps 2000/02/12 - fix file unlink/fopen race */
|
||
+ fd = open(tmp_nam, O_WRONLY|O_CREAT|O_EXCL, 0600);
|
||
+ if (fd != -1) fp = fdopen(fd, "wb");
|
||
|
||
/*
|
||
* Write MIT-MAGIC-COOKIE-1 first, because R4 Xlib knows
|