Timo Aaltonen pushed to branch debian-unstable at X Strike Force / app / xauth
Commits:
-
cb98d3b3
by Tobias Stoeckmann at 2020-05-03T12:25:21+02:00
-
f5af3b21
by Tobias Stoeckmann at 2020-05-10T18:03:48+00:00
-
af7a74e2
by Alan Coopersmith at 2020-05-10T11:27:25-07:00
-
4faf0f63
by Alan Coopersmith at 2020-05-10T11:47:33-07:00
-
aaf037ec
by Alan Coopersmith at 2020-05-10T13:21:50-07:00
-
18a3c3a7
by Dr. Tilmann Bubeck at 2020-08-20T20:28:52+02:00
-
d7e50214
by Karol Herbst at 2021-04-22T13:30:14+02:00
-
c2811c95
by Alex Gendin at 2021-08-02T20:30:21+00:00
-
1bfa5bff
by Alan Coopersmith at 2021-11-28T15:04:58-08:00
-
477307d0
by Alan Coopersmith at 2021-11-28T15:32:37-08:00
-
7b2be2b6
by Timo Aaltonen at 2022-04-01T10:01:05+03:00
-
e1d78914
by Timo Aaltonen at 2022-04-01T10:02:01+03:00
-
ad834de2
by Timo Aaltonen at 2022-04-01T10:02:58+03:00
-
83ff9b2c
by Timo Aaltonen at 2022-04-01T10:06:01+03:00
10 changed files:
- README.md
- configure.ac
- debian/changelog
- debian/control
- debian/rules
- gethost.c
- man/xauth.man
- parsedpy.c
- process.c
- tests/030-xauth-extract.script
Changes:
... | ... | @@ -22,7 +22,7 @@ Xorg mailing list: |
22 | 22 | |
23 | 23 | https://lists.x.org/mailman/listinfo/xorg
|
24 | 24 | |
25 | -The master development code repository can be found at:
|
|
25 | +The primary development code repository can be found at:
|
|
26 | 26 | |
27 | 27 | https://gitlab.freedesktop.org/xorg/app/xauth
|
28 | 28 |
... | ... | @@ -22,7 +22,7 @@ dnl Process this file with autoconf to create configure. |
22 | 22 | |
23 | 23 | AC_PREREQ([2.60])
|
24 | 24 | AC_INIT([xauth],
|
25 | - [1.1],
|
|
25 | + [1.1.1],
|
|
26 | 26 | [https://gitlab.freedesktop.org/xorg/app/xauth/issues],
|
27 | 27 | [xauth])
|
28 | 28 | AM_INIT_AUTOMAKE([foreign dist-bzip2])
|
... | ... | @@ -42,7 +42,7 @@ XORG_DEFAULT_OPTIONS |
42 | 42 | |
43 | 43 | AC_CHECK_HEADERS([net/errno.h])
|
44 | 44 | |
45 | -AC_CHECK_FUNCS([strlcpy])
|
|
45 | +AC_CHECK_FUNCS([reallocarray strlcpy])
|
|
46 | 46 | |
47 | 47 | # Checks for pkg-config packages
|
48 | 48 | PKG_CHECK_MODULES(XAUTH, x11 xau xext xmuu xproto >= 7.0.17)
|
1 | +xauth (1:1.1.1-1) unstable; urgency=medium
|
|
2 | + |
|
3 | + * New upstream release.
|
|
4 | + * control, rules: Bump debhelper-compat to 13.
|
|
5 | + |
|
6 | + -- Timo Aaltonen <tjaalton@debian.org> Fri, 01 Apr 2022 10:05:54 +0300
|
|
7 | + |
|
1 | 8 | xauth (1:1.1-1) unstable; urgency=medium
|
2 | 9 | |
3 | 10 | * New upstream release.
|
... | ... | @@ -3,7 +3,7 @@ Section: x11 |
3 | 3 | Priority: optional
|
4 | 4 | Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
|
5 | 5 | Build-Depends:
|
6 | - debhelper-compat (= 12),
|
|
6 | + debhelper-compat (= 13),
|
|
7 | 7 | quilt,
|
8 | 8 | pkg-config,
|
9 | 9 | libx11-dev (>= 2:1.0.0),
|
... | ... | @@ -4,10 +4,6 @@ |
4 | 4 | override_dh_auto_install:
|
5 | 5 | dh_auto_install --destdir=debian/tmp
|
6 | 6 | |
7 | -# Forget no-one:
|
|
8 | -override_dh_missing:
|
|
9 | - dh_missing --fail-missing
|
|
10 | - |
|
11 | 7 | override_dh_auto_test:
|
12 | 8 | dh_auto_test -- VERBOSE=1
|
13 | 9 |
... | ... | @@ -199,17 +199,17 @@ struct addrlist *get_address_info ( |
199 | 199 | #ifdef HAVE_STRLCPY
|
200 | 200 | strlcpy(path, fulldpyname, sizeof(path));
|
201 | 201 | #else
|
202 | - strncpy(path, fulldpyname, sizeof(path));
|
|
202 | + strncpy(path, fulldpyname, sizeof(path) - 1);
|
|
203 | 203 | path[sizeof(path) - 1] = '\0';
|
204 | 204 | #endif
|
205 | - if (0 == stat(path, &sbuf)) {
|
|
205 | + if (0 == stat(path, &sbuf) && S_ISSOCK(sbuf.st_mode) ) {
|
|
206 | 206 | is_path_to_socket = 1;
|
207 | 207 | } else {
|
208 | 208 | char *dot = strrchr(path, '.');
|
209 | 209 | if (dot) {
|
210 | 210 | *dot = '\0';
|
211 | 211 | /* screen = atoi(dot + 1); */
|
212 | - if (0 == stat(path, &sbuf)) {
|
|
212 | + if (0 == stat(path, &sbuf) && S_ISSOCK(sbuf.st_mode)) {
|
|
213 | 213 | is_path_to_socket = 1;
|
214 | 214 | }
|
215 | 215 | }
|
... | ... | @@ -218,10 +218,11 @@ struct addrlist *get_address_info ( |
218 | 218 | if (is_path_to_socket) {
|
219 | 219 | /* Use the bundle id (part preceding : in the basename) as our src id */
|
220 | 220 | char *c;
|
221 | + c = strrchr(fulldpyname, '/');
|
|
221 | 222 | #ifdef HAVE_STRLCPY
|
222 | - strlcpy(buf, strrchr(fulldpyname, '/') + 1, sizeof(buf));
|
|
223 | + strlcpy(buf, (NULL != c) ? c + 1 : fulldpyname, sizeof(buf));
|
|
223 | 224 | #else
|
224 | - strncpy(buf, strrchr(fulldpyname, '/') + 1, sizeof(buf));
|
|
225 | + strncpy(buf, (NULL != c) ? c + 1 : fulldpyname, sizeof(buf) - 1);
|
|
225 | 226 | buf[sizeof(buf) - 1] = '\0';
|
226 | 227 | #endif
|
227 | 228 |
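Review bot: Both copies into `path` in the first hunk still truncate silently, so a `fulldpyname` longer than the buffer is shortened and the shortened name is what `stat()` and the new `S_ISSOCK` test examine. A guard such as `if (strlen(fulldpyname) < sizeof(path)) {` around the socket-path probe would cover both branches of the `#ifdef`; with `strlcpy` the return value reports the same condition. The copy into `buf` in the second hunk has the same property, so a cut-off basename could end up as the source id. The sizes of `path` and `buf` and the rest of `get_address_info` are outside these hunks, so the right failure behaviour needs to be confirmed against the full function.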
... | ... | @@ -238,10 +238,10 @@ Xserver(__appmansuffix__), xdm(__appmansuffix__), startx(__appmansuffix__), |
238 | 238 | Xau(__libmansuffix__).
|
239 | 239 | .SH BUGS
|
240 | 240 | .PP
|
241 | -Users that have unsecure networks should take care to use encrypted
|
|
241 | +Users that have insecure networks should take care to use encrypted
|
|
242 | 242 | file transfer mechanisms to copy authorization entries between machines.
|
243 | 243 | Similarly, the \fIMIT-MAGIC-COOKIE-1\fP protocol is not very useful in
|
244 | -unsecure environments. Sites that are interested in additional security
|
|
244 | +insecure environments. Sites that are interested in additional security
|
|
245 | 245 | may need to use encrypted authorization mechanisms such as Kerberos.
|
246 | 246 | .PP
|
247 | 247 | Spaces are currently not allowed in the protocol name. Quoting could be
|
... | ... | @@ -35,7 +35,7 @@ in this Software without prior written authorization from The Open Group. |
35 | 35 | #include <stdio.h> /* for NULL */
|
36 | 36 | #include <ctype.h> /* for isascii() and isdigit() */
|
37 | 37 | #include <X11/Xos.h> /* for strchr() and string routines */
|
38 | -#include <X11/Xlib.h> /* for Family contants */
|
|
38 | +#include <X11/Xlib.h> /* for Family constants */
|
|
39 | 39 | #ifdef hpux
|
40 | 40 | #include <sys/utsname.h> /* for struct utsname */
|
41 | 41 | #endif
|
... | ... | @@ -172,7 +172,7 @@ parse_displayname (const char *displayname, |
172 | 172 | #ifdef HAVE_STRLCPY
|
173 | 173 | strlcpy(path, displayname, sizeof(path));
|
174 | 174 | #else
|
175 | - strncpy(path, displayname, sizeof(path));
|
|
175 | + strncpy(path, displayname, sizeof(path) - 1);
|
|
176 | 176 | path[sizeof(path) - 1] = '\0';
|
177 | 177 | #endif
|
178 | 178 | if (0 == stat(path, &sbuf)) {
|
... | ... | @@ -37,6 +37,7 @@ from The Open Group. |
37 | 37 | #include "xauth.h"
|
38 | 38 | #include <ctype.h>
|
39 | 39 | #include <errno.h>
|
40 | +#include <stdint.h>
|
|
40 | 41 | #include <sys/stat.h>
|
41 | 42 | #ifndef WIN32
|
42 | 43 | #include <sys/socket.h>
|
... | ... | @@ -251,6 +252,18 @@ skip_nonspace(register char *s) |
251 | 252 | return s;
|
252 | 253 | }
|
253 | 254 | |
255 | +#ifndef HAVE_REALLOCARRAY
|
|
256 | +static inline void *
|
|
257 | +reallocarray(void *optr, size_t nmemb, size_t size)
|
|
258 | +{
|
|
259 | + if ((nmemb > 0) && (SIZE_MAX / nmemb < size)) {
|
|
260 | + errno = ENOMEM;
|
|
261 | + return NULL;
|
|
262 | + }
|
|
263 | + return realloc(optr, size * nmemb);
|
|
264 | +}
|
|
265 | +#endif
|
|
266 | + |
|
254 | 267 | static const char **
|
255 | 268 | split_into_words(char *src, int *argcp) /* argvify string */
|
256 | 269 | {
|
... | ... | @@ -278,9 +291,15 @@ split_into_words(char *src, int *argcp) /* argvify string */ |
278 | 291 | savec = *src;
|
279 | 292 | *src = '\0';
|
280 | 293 | if (cur == total) {
|
294 | + const char **new_argv;
|
|
281 | 295 | total += WORDSTOALLOC;
|
282 | - argv = realloc (argv, total * sizeof (char *));
|
|
283 | - if (!argv) return NULL;
|
|
296 | + new_argv = reallocarray (argv, total, sizeof (char *));
|
|
297 | + if (new_argv != NULL) {
|
|
298 | + argv = new_argv;
|
|
299 | + } else {
|
|
300 | + free(argv);
|
|
301 | + return NULL;
|
|
302 | + }
|
|
284 | 303 | }
|
285 | 304 | argv[cur++] = jword;
|
286 | 305 | if (savec) src++; /* if not last on line advance */
|
... | ... | @@ -633,7 +652,7 @@ static Bool xauth_modified = False; /* if added, removed, or merged */ |
633 | 652 | static Bool xauth_allowed = True; /* if allowed to write auth file */
|
634 | 653 | static Bool xauth_locked = False; /* if has been locked */
|
635 | 654 | static const char *xauth_filename = NULL;
|
636 | -static volatile Bool dieing = False;
|
|
655 | +static volatile Bool dying = False;
|
|
637 | 656 | |
638 | 657 | |
639 | 658 | /* poor man's puts(), for under signal handlers,
|
... | ... | @@ -645,7 +664,7 @@ _X_NORETURN |
645 | 664 | static void
|
646 | 665 | die(int sig)
|
647 | 666 | {
|
648 | - dieing = True;
|
|
667 | + dying = True;
|
|
649 | 668 | _exit (auth_finalize ());
|
650 | 669 | /* NOTREACHED */
|
651 | 670 | }
|
... | ... | @@ -697,6 +716,10 @@ auth_initialize(const char *authfilename) |
697 | 716 | FILE *authfp;
|
698 | 717 | Bool exists;
|
699 | 718 | |
719 | + if (strlen(authfilename) > 1022) {
|
|
720 | + fprintf (stderr, "%s: authority file name \"%s\" too long\n",
|
|
721 | + ProgramName, authfilename);
|
|
722 | + }
|
|
700 | 723 | xauth_filename = authfilename; /* used in cleanup, prevent race with
|
701 | 724 | signals */
|
702 | 725 | register_signals ();
|
... | ... | @@ -854,10 +877,10 @@ write_auth_file(char *tmp_nam) |
854 | 877 | int
|
855 | 878 | auth_finalize(void)
|
856 | 879 | {
|
857 | - char temp_name[1024]; /* large filename size */
|
|
880 | + char temp_name[1025]; /* large filename size */
|
|
858 | 881 | |
859 | 882 | if (xauth_modified) {
|
860 | - if (dieing) {
|
|
883 | + if (dying) {
|
|
861 | 884 | if (verbose) {
|
862 | 885 | /*
|
863 | 886 | * called from a signal handler -- printf is *not* reentrant; also
|
... | ... | @@ -1614,13 +1637,22 @@ do_add(const char *inputfilename, int lineno, int argc, const char **argv) |
1614 | 1637 | hexkey = argv[3];
|
1615 | 1638 | |
1616 | 1639 | len = strlen(hexkey);
|
1617 | - if (hexkey[0] == '"' && hexkey[len-1] == '"') {
|
|
1640 | + if (len > 1 && hexkey[0] == '"' && hexkey[len-1] == '"') {
|
|
1618 | 1641 | key = malloc(len-1);
|
1642 | + if (!key) {
|
|
1643 | + fprintf(stderr, "unable to allocate memory\n");
|
|
1644 | + return 1;
|
|
1645 | + }
|
|
1619 | 1646 | strncpy(key, hexkey+1, len-2);
|
1647 | + key[len-1] = '\0';
|
|
1620 | 1648 | len -= 2;
|
1621 | 1649 | } else if (!strcmp(protoname, SECURERPC) ||
|
1622 | 1650 | !strcmp(protoname, K5AUTH)) {
|
1623 | 1651 | key = malloc(len+1);
|
1652 | + if (!key) {
|
|
1653 | + fprintf(stderr, "unable to allocate memory\n");
|
|
1654 | + return 1;
|
|
1655 | + }
|
|
1624 | 1656 | strcpy(key, hexkey);
|
1625 | 1657 | } else {
|
1626 | 1658 | len = cvthexkey (hexkey, &key);
|
... | ... | @@ -1859,10 +1891,10 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1859 | 1891 | const char *displayname;
|
1860 | 1892 | int major_version, minor_version;
|
1861 | 1893 | XSecurityAuthorization id_return;
|
1862 | - Xauth *auth_in, *auth_return;
|
|
1894 | + Xauth *auth_in = NULL, *auth_return = NULL;
|
|
1863 | 1895 | XSecurityAuthorizationAttributes attributes;
|
1864 | 1896 | unsigned long attrmask = 0;
|
1865 | - Display *dpy;
|
|
1897 | + Display *dpy = NULL;
|
|
1866 | 1898 | int status;
|
1867 | 1899 | const char *args[4];
|
1868 | 1900 | const char *protoname = ".";
|
... | ... | @@ -1870,7 +1902,7 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1870 | 1902 | int authdatalen = 0;
|
1871 | 1903 | const char *hexdata;
|
1872 | 1904 | char *authdata = NULL;
|
1873 | - char *hex;
|
|
1905 | + char *hex = NULL;
|
|
1874 | 1906 | |
1875 | 1907 | if (argc < 2 || !argv[1]) {
|
1876 | 1908 | prefix (inputfilename, lineno);
|
... | ... | @@ -1889,7 +1921,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1889 | 1921 | if (++i == argc) {
|
1890 | 1922 | prefix (inputfilename, lineno);
|
1891 | 1923 | badcommandline (argv[i-1]);
|
1892 | - return 1;
|
|
1924 | + status = 1;
|
|
1925 | + goto exit_generate;
|
|
1893 | 1926 | }
|
1894 | 1927 | attributes.timeout = atoi(argv[i]);
|
1895 | 1928 | attrmask |= XSecurityTimeout;
|
... | ... | @@ -1906,7 +1939,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1906 | 1939 | if (++i == argc) {
|
1907 | 1940 | prefix (inputfilename, lineno);
|
1908 | 1941 | badcommandline (argv[i-1]);
|
1909 | - return 1;
|
|
1942 | + status = 1;
|
|
1943 | + goto exit_generate;
|
|
1910 | 1944 | }
|
1911 | 1945 | attributes.group = atoi(argv[i]);
|
1912 | 1946 | attrmask |= XSecurityGroup;
|
... | ... | @@ -1915,13 +1949,20 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1915 | 1949 | if (++i == argc) {
|
1916 | 1950 | prefix (inputfilename, lineno);
|
1917 | 1951 | badcommandline (argv[i-1]);
|
1918 | - return 1;
|
|
1952 | + status = 1;
|
|
1953 | + goto exit_generate;
|
|
1919 | 1954 | }
|
1920 | 1955 | hexdata = argv[i];
|
1921 | 1956 | authdatalen = strlen(hexdata);
|
1922 | 1957 | if (hexdata[0] == '"' && hexdata[authdatalen-1] == '"') {
|
1923 | 1958 | authdata = malloc(authdatalen-1);
|
1959 | + if (!authdata) {
|
|
1960 | + fprintf(stderr, "unable to allocate memory\n");
|
|
1961 | + status = 1;
|
|
1962 | + goto exit_generate;
|
|
1963 | + }
|
|
1924 | 1964 | strncpy(authdata, hexdata+1, authdatalen-2);
|
1965 | + authdata[authdatalen-1] = '\0';
|
|
1925 | 1966 | authdatalen -= 2;
|
1926 | 1967 | } else {
|
1927 | 1968 | authdatalen = cvthexkey (hexdata, &authdata);
|
... | ... | @@ -1929,13 +1970,15 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1929 | 1970 | prefix (inputfilename, lineno);
|
1930 | 1971 | fprintf (stderr,
|
1931 | 1972 | "data contains odd number of or non-hex characters\n");
|
1932 | - return 1;
|
|
1973 | + status = 1;
|
|
1974 | + goto exit_generate;
|
|
1933 | 1975 | }
|
1934 | 1976 | }
|
1935 | 1977 | } else {
|
1936 | 1978 | prefix (inputfilename, lineno);
|
1937 | 1979 | badcommandline (argv[i]);
|
1938 | - return 1;
|
|
1980 | + status = 1;
|
|
1981 | + goto exit_generate;
|
|
1939 | 1982 | }
|
1940 | 1983 | }
|
1941 | 1984 | |
... | ... | @@ -1945,7 +1988,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1945 | 1988 | if (!dpy) {
|
1946 | 1989 | prefix (inputfilename, lineno);
|
1947 | 1990 | fprintf (stderr, "unable to open display \"%s\".\n", displayname);
|
1948 | - return 1;
|
|
1991 | + status = 1;
|
|
1992 | + goto exit_generate;
|
|
1949 | 1993 | }
|
1950 | 1994 | |
1951 | 1995 | status = XSecurityQueryExtension(dpy, &major_version, &minor_version);
|
... | ... | @@ -1954,7 +1998,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1954 | 1998 | prefix (inputfilename, lineno);
|
1955 | 1999 | fprintf (stderr, "couldn't query Security extension on display \"%s\"\n",
|
1956 | 2000 | displayname);
|
1957 | - return 1;
|
|
2001 | + status = 1;
|
|
2002 | + goto exit_generate;
|
|
1958 | 2003 | }
|
1959 | 2004 | |
1960 | 2005 | /* fill in input Xauth struct */
|
... | ... | @@ -1979,7 +2024,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1979 | 2024 | {
|
1980 | 2025 | prefix (inputfilename, lineno);
|
1981 | 2026 | fprintf (stderr, "couldn't generate authorization\n");
|
1982 | - return 1;
|
|
2027 | + status = 1;
|
|
2028 | + goto exit_generate;
|
|
1983 | 2029 | }
|
1984 | 2030 | |
1985 | 2031 | if (verbose)
|
... | ... | @@ -1994,10 +2040,12 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1994 | 2040 | |
1995 | 2041 | status = do_add(inputfilename, lineno, 4, args);
|
1996 | 2042 | |
1997 | - if (authdata) free(authdata);
|
|
2043 | + exit_generate:
|
|
2044 | + free(authdata);
|
|
1998 | 2045 | XSecurityFreeXauth(auth_in);
|
1999 | 2046 | XSecurityFreeXauth(auth_return);
|
2000 | 2047 | free(hex);
|
2001 | - XCloseDisplay(dpy);
|
|
2048 | + if (dpy != NULL)
|
|
2049 | + XCloseDisplay(dpy);
|
|
2002 | 2050 | return status;
|
2003 | 2051 | } |
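Review bot: The terminator added in `do_add`, `key[len-1] = '\0';`, writes one byte past the allocation: `key` is `malloc(len-1)` bytes, so its last valid index is `len-2`, which is also where the NUL belongs after `strncpy` copies `len-2` bytes. It should read `key[len-2] = '\0';`. The same off-by-one is in `do_generate`, where `authdata[authdatalen-1] = '\0';` follows `malloc(authdatalen-1)` and should be `authdata[authdatalen-2] = '\0';`. `do_generate` also did not receive the `len > 1` guard that `do_add` got, so an argument consisting of a single quote character still reaches `strncpy` with a length of `authdatalen-2`, i.e. -1; the condition should start `if (authdatalen > 1 && hexdata[0] == '"' && ...`. Both functions extend beyond the hunks shown.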
... | ... | @@ -8,7 +8,7 @@ xauth add examplehost1/unix:0 . b90b0fd1cf6a0e7a2c74c00000000001 |
8 | 8 | xauth add examplehost2/unix:0 . b90b0fd1cf6a0e7a2c74c00000000002
|
9 | 9 | xauth add examplehost3/unix:0 . b90b0fd1cf6a0e7a2c74c00000000003
|
10 | 10 | |
11 | -# Use xauth_silent because otherwise the system dependant pathes are printed
|
|
11 | +# Use xauth_silent because otherwise the system dependent paths are printed
|
|
12 | 12 | XAUTHORITY2=$DATADIR/.Xauthority2
|
13 | 13 | xauth_silent extract $XAUTHORITY2 examplehost2/unix:0
|
14 | 14 | xauth_silent -f $XAUTHORITY2 list
|