1. 02 Aug, 2022 1 commit
  2. 20 Apr, 2022 1 commit
  3. 16 Apr, 2022 2 commits
  4. 10 Apr, 2022 1 commit
    • Fix off-by-one in quote-stripping routines · a5c70489
      Alan Coopersmith authored
      
      
      Reported by Oracle Parfait:
      
      Error: Buffer overrun
         Buffer overflow [buffer-overflow] (CWE 120):
            In pointer dereference of key[(len - 1)] with index (len - 1)
            Array size >= 1 bytes, index >= 1
              at line 1647 of process.c in function 'do_add'.
      
      Error: Buffer overrun
         Buffer overflow [buffer-overflow] (CWE 120):
            In pointer dereference of authdata[(authdatalen - 1)] with index (authdatalen - 1)
            Array size is ??? bytes, index is ???
              at line 1965 of process.c in function 'do_generate'.
      Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
  5. 04 Dec, 2021 1 commit
  6. 01 Dec, 2021 5 commits
  7. 29 Nov, 2021 3 commits
  8. 28 Nov, 2021 2 commits
  9. 02 Aug, 2021 1 commit
    • Fix segfault when X starts · c2811c95
      Alex Gendin authored and Alan Coopersmith committed
      This patch potentially fixes bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884934
      
      System log entries when this bug occurs:
          kernel: xauth[16729]: segfault at 1 ip 00007f51f517f5a5 sp 00007ffdec846568 error 4
                                in libc-2.31.so[7f51f5102000+144000]
          kernel: Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0
                        0f 49 29 d0 48 8d 7c 17 31 e9 8f 0b 00 00 66 0f ef c0 <f3> 0f 6f 0e f3
                        0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f
      
      This bug happens when function get_address_info() in gethost.c is called
      with a display name without forward slash, for example 'myhost.mydomain:0'
  10. 22 Apr, 2021 1 commit
  11. 20 Aug, 2020 1 commit
  12. 10 May, 2020 4 commits
  13. 03 May, 2020 1 commit
    • Fix segmentation fault on invalid add argument. · cb98d3b3
      Tobias Stoeckmann authored
      The hex key supplied with an add command can be quoted, in which
      case the quotation marks are removed.
      
      The check itself makes sure that a given string starts with a
      double quotation mark and ends with a double quotation mark.
      
      But if only " is supplied, the code crashes because it subtracts
      2 from the length (which is 1) and therefore copies too much
      memory into a 0 allocated memory area.
      
      Proof of concept:
      
      $ xauth add :0 0 \"
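The length check described in this commit message, as an added example that is not xauth's code: `strip_quotes`, `is_quoted` and `naive_copy_len` are hypothetical names, and the unchecked length is modelled with `size_t` as an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not xauth's code. Copy length a stripper computes
 * when it only checks that the first and last bytes are '"'. Modelled
 * with size_t (an assumption): for the one-byte input "\"" both checks
 * hit the same byte, and 1 - 2 wraps around. */
static size_t naive_copy_len(size_t len)
{
    return len - 2;
}

/* A string is quoted only if it can hold two distinct quote bytes. */
static int is_quoted(const char *s, size_t len)
{
    return len >= 2 && s[0] == '"' && s[len - 1] == '"';
}

/* Return a malloc'd copy of arg with one surrounding pair of double
 * quotes removed; unquoted input is copied unchanged. NULL on OOM. */
static char *strip_quotes(const char *arg)
{
    size_t len = strlen(arg);
    char *out;
    if (is_quoted(arg, len)) {
        arg += 1;
        len -= 2;               /* cannot wrap: len >= 2 was checked */
    }
    out = malloc(len + 1);      /* always room for the terminator */
    if (out == NULL)
        return NULL;
    memcpy(out, arg, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs; the lone quote is the commit's proof of concept. */
    const char *in[] = { "\"aabbcc\"", "aabbcc", "\"", "\"\"" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        char *out = strip_quotes(in[i]);
        printf("[%s] -> [%s]\n", in[i], out ? out : "(alloc failed)");
        free(out);
    }
    printf("naive copy length for len 1: %zu\n", naive_copy_len(1));
    return 0;
}
```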
  14. 11 Jul, 2019 1 commit
  15. 20 Jun, 2019 1 commit
    • process: Close a window where no authority file would exist · 0932418d
      Adam Jackson authored
      unlink()ing the old auth file before link()ing the temp to the new is
      just silly. rename() is atomic and will happily clobber the destination,
      and the only thing link() can give you here is the ability to fail on
      filesystems that don't support hardlinks.
      
      Fixes: #2
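The replace-by-rename pattern this commit message argues for, as an added example that is not xauth's code; `replace_file`, the temporary-file naming and the demo path are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical helper, not xauth's code: replace `path` with `len` bytes
 * of `data`. Returns 0 on success; on failure `path` is left untouched. */
static int replace_file(const char *path, const void *data, size_t len)
{
    char tmp[4096];
    int fd, n;
    /* Temp file beside the target so rename() stays on one filesystem. */
    n = snprintf(tmp, sizeof tmp, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    fd = mkstemp(tmp);                  /* created with mode 0600 */
    if (fd < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len || fsync(fd) != 0) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    if (close(fd) != 0) {
        unlink(tmp);
        return -1;
    }
    /* The pattern the commit removes was unlink(path) then link(tmp, path):
     * between the two calls no file exists at `path`. rename() replaces
     * the name in one step, so a reader sees the old or the new file. */
    if (rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed demo path and contents. */
    char dir[] = "/tmp/authdemo-XXXXXX", path[64];
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof path, "%s/authority", dir);
    int rc = replace_file(path, "old", 3) || replace_file(path, "new", 3);
    unlink(path);
    rmdir(dir);
    return rc;
}
```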
  16. 09 Jun, 2019 2 commits
    • Sort entries from most specific to most generic. · 42239054
      Michal Srb authored and Alan Coopersmith committed
      
      
      There is no point in adding entry or merging lists if a FamilyWild entry would
      end in front of any entry, or entry without display number would end in front
      of entry with number.
      
      This sorts all entries in order:
        * FamilyWild without display number
        * FamilyWild with display number
        * Other family without display number
        * Other family with display number
      
      The order of the entries in each category is kept.
      Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
    • Merge only entries with equal dpy and protoname. · 06a21f7c
      Michal Srb authored and Alan Coopersmith committed
      Merging two lists, or adding entry a into list acts unexpectedly if the list
      contains FamilyWild or an entry with an empty display number. For example:
      
        > xauth list
        #ffff#6f70656e737573652d74756d626c6577656564#:  MIT-MAGIC-COOKIE-1  1500d80327733252cc42ba469138a259
      
        > xauth add test/unix:2 MIT-MAGIC-COOKIE-1 aabbccddeeff00112233445566778899
        > xauth list
        test/unix:2  MIT-MAGIC-COOKIE-1  aabbccddeeff00112233445566778899
      
      This is because merge_entries compares entries using `match_auth`, which
      follows the same rules as XauGetBestAuthByAddr. Following these rules is good
      when filtering the output of `xauth list`, but for merging we should compare
      for equality. It used to be done that way before commit 1555fff4. That commit
      changed it to improve the `xauth list` behavior, but did not seem to consider the
      impact on merge.
      Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
  17. 22 Nov, 2018 1 commit
  18. 17 Nov, 2018 1 commit
  19. 05 May, 2018 1 commit
  20. 29 Jan, 2017 2 commits
  21. 26 Jan, 2017 5 commits
  22. 15 May, 2015 1 commit
  23. 05 Jan, 2015 1 commit