Reported by Oracle Parfait:
Error: Memory leak
   Memory leak [memory-leak] (CWE 401):
      Memory leak of pointer authdata allocated with malloc((authdatalen - 1))
        at line 1955 of process.c in function 'do_generate'.
          authdata allocated at line 1946 with malloc((authdatalen - 1))
      Memory leak of pointer authdata allocated with malloc((authdatalen - 1))
        at line 1971 of process.c in function 'do_generate'.
          authdata allocated at line 1946 with malloc((authdatalen - 1))
          authdata leaks when (i + 1) >= argc at line 1910.
        at line 1980 of process.c in function 'do_generate'.
          authdata allocated at line 1946 with malloc((authdatalen - 1))
          authdata leaks when (i + 1) >= argc at line 1910.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Reported by Oracle Parfait:
Error: Memory leak
   Memory leak [memory-leak] (CWE 401):
      Memory leak of pointer argv allocated with malloc(32)
        at line 283 of process.c in function 'split_into_words'.
          argv allocated at line 264 with malloc(32)
          argv leaks when cur == total at line 280.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Tobias Stoeckmann authored May 03, 2020 and Alan Coopersmith committed May 10, 2020

If an -f argument is exactly 1022 characters in size, an off-by-one
stack overflow happens in auth_finalize. The overflow could be even
larger if locks are ignored for authentication files.

Make sure that a given authentication file name fits into temporary
buffer and that this buffer matches buffer sizes of libXau which is
used by xauth.

The hex key supplied with an add command can be quoted, in which
case the quotation marks are removed.

The check itself makes sure that a given string starts with a
double quotation mark and ends with a double quotation mark.

Buf if only " is supplied, the code crashes because it subtracts
2 from the length (which is 1) and therefore copies too much
memory into a 0 allocated memory area.

Proof of concept:

$ xauth add :0 0 \"

unlink()ing the old auth file before link()ing the temp to the new is
just silly. rename() is atomic and will happily clobber the destination,
and the only thing link() can give you here is the ability to fail on
filesystems that don't support hardlinks.

Fixes: #2

Michal Srb authored May 31, 2018 and Alan Coopersmith committed Jun 09, 2019

There is no point in adding entry or merging lists if a FamilyWild entry would
end in front of any entry, or entry without display number would end in front
of entry with number.

This sorts all entries in order:
  * FamilyWild without display number
  * FamilyWild with display number
  * Other family without display number
  * Other family with display number

The order of the entries in each category is kept.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Michal Srb authored May 31, 2018 and Alan Coopersmith committed Jun 09, 2019

Merging two lists, or adding entry a into list acts unexpectedly if the list
contains FamilyWild or entry with an empty display numbers. For example:

  > xauth list
  #ffff#6f70656e737573652d74756d626c6577656564#:  MIT-MAGIC-COOKIE-1  1500d80327733252cc42ba469138a259

  > xauth add test/unix:2 MIT-MAGIC-COOKIE-1 aabbccddeeff00112233445566778899
  > xauth list
  test/unix:2  MIT-MAGIC-COOKIE-1  aabbccddeeff00112233445566778899

This is because merge_entries compares entries using `match_auth`, which
follows the same rules as XauGetBestAuthByAddr. Following these rules is good
when filtering the output of `xauth list`, but for merging we should compare
for equality. It used to be done that way before commit 1555fff4

. That commit
changed it to improve the `xauth list` behavior, but did not seem consider the
impact on merge.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Needs to match one of the regexps shown under
https://gcc.gnu.org/onlinedocs/gcc-7.3.0/gcc/Warning-Options.html#index-Wimplicit-fallthrough



Silences warning from gcc 7.3:
process.c: In function ‘dump_entry’:
process.c:1007:9: warning: this statement may fall through [-Wimplicit-fallthrough=]
      if (dpyname) {
         ^
process.c:1012:4: note: here
    default:
    ^~~~~~~

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

If xauth must store its XAUTHORITY file on a file system which is
full, it will be unable to write the changes. This condition was
not detected and therefore often the whole XAUTHORITY file was
cleared. Here is the fix.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=21260



Signed-off-by: Dr. Tilmann Bubeck <tilmann@bubecks.de>

Egbert Eich authored Aug 14, 2013 and Tilmann Bubeck committed Oct 06, 2013

Xlib (xcb) uses XauGetBestAuthByAddr() when looking for an
authorization. 'xauth [n]list $DISPLAY' used a slightly
stricter algorithm which doesn't find a possible authorization
for cases where either the family is set to FamilyWild or
address the address length is 0.

Signed-off-by: Egbert Eich <eich@freedesktop.org>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Thomas Klausner authored Jul 11, 2013 and Tilmann Bubeck committed Sep 24, 2013

Hello!

I see you're the official xauth maintainer according to
http://cgit.freedesktop.org/xorg/doc/xorg-docs/tree/MAINTAINERS#n80



Can you please take a look at the attached patch and merge it?

Thanks,
 Thomas

----- Forwarded message from Thomas Klausner <wiz@NetBSD.org> -----

Date: Sun, 30 Jun 2013 13:29:44 +0200
From: Thomas Klausner <wiz@NetBSD.org>
To: xorg-devel@lists.x.org
Cc: Thomas Klausner <wiz@NetBSD.org>
Subject: [PATCH:xauth] Use copystring to create non-const string.

Fixes "error: assignment discards qualifiers from pointer target type"

Signed-off-by: Thomas Klausner <wiz@NetBSD.org>

Egbert Eich authored Aug 14, 2013 and Tilmann Bubeck committed Sep 23, 2013

Running past the end of the chain would cause a SEGV.

Signed-off-by: Egbert Eich <eich@freedesktop.org>

Drops use of autoconf's obsolete AC_TYPE_SIGNAL and Imake's even more
obsolete SIGNALRETURNSINT.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

For AF_INET6, include Xwinsock.h rather than sys/socket.h on WIN32

Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}'
git diff -w & git diff -b show no diffs from this change

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

On some file systems (like AFP), hard links are not supported. If
link fails, try rename() before giving up.

Reported-by: Jamie Kennea <jamie@pompey.org>
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>

process.c:567:14: warning: Call to 'malloc' has an allocation size of 0 bytes
    retval = malloc (len);
             ^       ~~~
1 warning generated.

Found-by: clang static analyzer
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>

Jesse Adkins authored Sep 28, 2010 and Alan Coopersmith committed Oct 06, 2010

Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com>

What we had in place before was a hack that always used ':0'.  This change
results in the bundle id being used to differentiate different connections.

Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>

https://bugs.freedesktop.org/show_bug.cgi?id=7051



Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>

This avoids reading uninitialized memory later.
Problem reported by Philip Guenther. Thanks.

Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>

From Martin Costabel

    autoconf in addition to Imake's SIGNALRETURNSINT.