... |
... |
@@ -37,6 +37,7 @@ from The Open Group. |
37
|
37
|
#include "xauth.h"
|
38
|
38
|
#include <ctype.h>
|
39
|
39
|
#include <errno.h>
|
|
40
|
+#include <stdint.h>
|
40
|
41
|
#include <sys/stat.h>
|
41
|
42
|
#ifndef WIN32
|
42
|
43
|
#include <sys/socket.h>
|
... |
... |
@@ -251,6 +252,18 @@ skip_nonspace(register char *s) |
251
|
252
|
return s;
|
252
|
253
|
}
|
253
|
254
|
|
|
255
|
+#ifndef HAVE_REALLOCARRAY
|
|
256
|
+static inline void *
|
|
257
|
+reallocarray(void *optr, size_t nmemb, size_t size)
|
|
258
|
+{
|
|
259
|
+ if ((nmemb > 0) && (SIZE_MAX / nmemb < size)) {
|
|
260
|
+ errno = ENOMEM;
|
|
261
|
+ return NULL;
|
|
262
|
+ }
|
|
263
|
+ return realloc(optr, size * nmemb);
|
|
264
|
+}
|
|
265
|
+#endif
|
|
266
|
+
|
254
|
267
|
static const char **
|
255
|
268
|
split_into_words(char *src, int *argcp) /* argvify string */
|
256
|
269
|
{
|
... |
... |
@@ -278,9 +291,15 @@ split_into_words(char *src, int *argcp) /* argvify string */ |
278
|
291
|
savec = *src;
|
279
|
292
|
*src = '\0';
|
280
|
293
|
if (cur == total) {
|
|
294
|
+ const char **new_argv;
|
281
|
295
|
total += WORDSTOALLOC;
|
282
|
|
- argv = realloc (argv, total * sizeof (char *));
|
283
|
|
- if (!argv) return NULL;
|
|
296
|
+ new_argv = reallocarray (argv, total, sizeof (char *));
|
|
297
|
+ if (new_argv != NULL) {
|
|
298
|
+ argv = new_argv;
|
|
299
|
+ } else {
|
|
300
|
+ free(argv);
|
|
301
|
+ return NULL;
|
|
302
|
+ }
|
284
|
303
|
}
|
285
|
304
|
argv[cur++] = jword;
|
286
|
305
|
if (savec) src++; /* if not last on line advance */
|
... |
... |
@@ -633,7 +652,7 @@ static Bool xauth_modified = False; /* if added, removed, or merged */ |
633
|
652
|
static Bool xauth_allowed = True; /* if allowed to write auth file */
|
634
|
653
|
static Bool xauth_locked = False; /* if has been locked */
|
635
|
654
|
static const char *xauth_filename = NULL;
|
636
|
|
-static volatile Bool dieing = False;
|
|
655
|
+static volatile Bool dying = False;
|
637
|
656
|
|
638
|
657
|
|
639
|
658
|
/* poor man's puts(), for under signal handlers,
|
... |
... |
@@ -645,7 +664,7 @@ _X_NORETURN |
645
|
664
|
static void
|
646
|
665
|
die(int sig)
|
647
|
666
|
{
|
648
|
|
- dieing = True;
|
|
667
|
+ dying = True;
|
649
|
668
|
_exit (auth_finalize ());
|
650
|
669
|
/* NOTREACHED */
|
651
|
670
|
}
|
... |
... |
@@ -697,6 +716,10 @@ auth_initialize(const char *authfilename) |
697
|
716
|
FILE *authfp;
|
698
|
717
|
Bool exists;
|
699
|
718
|
|
|
719
|
+ if (strlen(authfilename) > 1022) {
|
|
720
|
+ fprintf (stderr, "%s: authority file name \"%s\" too long\n",
|
|
721
|
+ ProgramName, authfilename);
|
|
722
|
+ }
|
700
|
723
|
xauth_filename = authfilename; /* used in cleanup, prevent race with
|
701
|
724
|
signals */
|
702
|
725
|
register_signals ();
|
... |
... |
@@ -854,10 +877,10 @@ write_auth_file(char *tmp_nam) |
854
|
877
|
int
|
855
|
878
|
auth_finalize(void)
|
856
|
879
|
{
|
857
|
|
- char temp_name[1024]; /* large filename size */
|
|
880
|
+ char temp_name[1025]; /* large filename size */
|
858
|
881
|
|
859
|
882
|
if (xauth_modified) {
|
860
|
|
- if (dieing) {
|
|
883
|
+ if (dying) {
|
861
|
884
|
if (verbose) {
|
862
|
885
|
/*
|
863
|
886
|
* called from a signal handler -- printf is *not* reentrant; also
|
... |
... |
@@ -1614,13 +1637,22 @@ do_add(const char *inputfilename, int lineno, int argc, const char **argv) |
1614
|
1637
|
hexkey = argv[3];
|
1615
|
1638
|
|
1616
|
1639
|
len = strlen(hexkey);
|
1617
|
|
- if (hexkey[0] == '"' && hexkey[len-1] == '"') {
|
|
1640
|
+ if (len > 1 && hexkey[0] == '"' && hexkey[len-1] == '"') {
|
1618
|
1641
|
key = malloc(len-1);
|
|
1642
|
+ if (!key) {
|
|
1643
|
+ fprintf(stderr, "unable to allocate memory\n");
|
|
1644
|
+ return 1;
|
|
1645
|
+ }
|
1619
|
1646
|
strncpy(key, hexkey+1, len-2);
|
|
1647
|
+ key[len-1] = '\0';
|
1620
|
1648
|
len -= 2;
|
1621
|
1649
|
} else if (!strcmp(protoname, SECURERPC) ||
|
1622
|
1650
|
!strcmp(protoname, K5AUTH)) {
|
1623
|
1651
|
key = malloc(len+1);
|
|
1652
|
+ if (!key) {
|
|
1653
|
+ fprintf(stderr, "unable to allocate memory\n");
|
|
1654
|
+ return 1;
|
|
1655
|
+ }
|
1624
|
1656
|
strcpy(key, hexkey);
|
1625
|
1657
|
} else {
|
1626
|
1658
|
len = cvthexkey (hexkey, &key);
|
... |
... |
@@ -1859,10 +1891,10 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1859
|
1891
|
const char *displayname;
|
1860
|
1892
|
int major_version, minor_version;
|
1861
|
1893
|
XSecurityAuthorization id_return;
|
1862
|
|
- Xauth *auth_in, *auth_return;
|
|
1894
|
+ Xauth *auth_in = NULL, *auth_return = NULL;
|
1863
|
1895
|
XSecurityAuthorizationAttributes attributes;
|
1864
|
1896
|
unsigned long attrmask = 0;
|
1865
|
|
- Display *dpy;
|
|
1897
|
+ Display *dpy = NULL;
|
1866
|
1898
|
int status;
|
1867
|
1899
|
const char *args[4];
|
1868
|
1900
|
const char *protoname = ".";
|
... |
... |
@@ -1870,7 +1902,7 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1870
|
1902
|
int authdatalen = 0;
|
1871
|
1903
|
const char *hexdata;
|
1872
|
1904
|
char *authdata = NULL;
|
1873
|
|
- char *hex;
|
|
1905
|
+ char *hex = NULL;
|
1874
|
1906
|
|
1875
|
1907
|
if (argc < 2 || !argv[1]) {
|
1876
|
1908
|
prefix (inputfilename, lineno);
|
... |
... |
@@ -1889,7 +1921,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1889
|
1921
|
if (++i == argc) {
|
1890
|
1922
|
prefix (inputfilename, lineno);
|
1891
|
1923
|
badcommandline (argv[i-1]);
|
1892
|
|
- return 1;
|
|
1924
|
+ status = 1;
|
|
1925
|
+ goto exit_generate;
|
1893
|
1926
|
}
|
1894
|
1927
|
attributes.timeout = atoi(argv[i]);
|
1895
|
1928
|
attrmask |= XSecurityTimeout;
|
... |
... |
@@ -1906,7 +1939,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1906
|
1939
|
if (++i == argc) {
|
1907
|
1940
|
prefix (inputfilename, lineno);
|
1908
|
1941
|
badcommandline (argv[i-1]);
|
1909
|
|
- return 1;
|
|
1942
|
+ status = 1;
|
|
1943
|
+ goto exit_generate;
|
1910
|
1944
|
}
|
1911
|
1945
|
attributes.group = atoi(argv[i]);
|
1912
|
1946
|
attrmask |= XSecurityGroup;
|
... |
... |
@@ -1915,13 +1949,20 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1915
|
1949
|
if (++i == argc) {
|
1916
|
1950
|
prefix (inputfilename, lineno);
|
1917
|
1951
|
badcommandline (argv[i-1]);
|
1918
|
|
- return 1;
|
|
1952
|
+ status = 1;
|
|
1953
|
+ goto exit_generate;
|
1919
|
1954
|
}
|
1920
|
1955
|
hexdata = argv[i];
|
1921
|
1956
|
authdatalen = strlen(hexdata);
|
1922
|
1957
|
if (hexdata[0] == '"' && hexdata[authdatalen-1] == '"') {
|
1923
|
1958
|
authdata = malloc(authdatalen-1);
|
|
1959
|
+ if (!authdata) {
|
|
1960
|
+ fprintf(stderr, "unable to allocate memory\n");
|
|
1961
|
+ status = 1;
|
|
1962
|
+ goto exit_generate;
|
|
1963
|
+ }
|
1924
|
1964
|
strncpy(authdata, hexdata+1, authdatalen-2);
|
|
1965
|
+ authdata[authdatalen-1] = '\0';
|
1925
|
1966
|
authdatalen -= 2;
|
1926
|
1967
|
} else {
|
1927
|
1968
|
authdatalen = cvthexkey (hexdata, &authdata);
|
... |
... |
@@ -1929,13 +1970,15 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1929
|
1970
|
prefix (inputfilename, lineno);
|
1930
|
1971
|
fprintf (stderr,
|
1931
|
1972
|
"data contains odd number of or non-hex characters\n");
|
1932
|
|
- return 1;
|
|
1973
|
+ status = 1;
|
|
1974
|
+ goto exit_generate;
|
1933
|
1975
|
}
|
1934
|
1976
|
}
|
1935
|
1977
|
} else {
|
1936
|
1978
|
prefix (inputfilename, lineno);
|
1937
|
1979
|
badcommandline (argv[i]);
|
1938
|
|
- return 1;
|
|
1980
|
+ status = 1;
|
|
1981
|
+ goto exit_generate;
|
1939
|
1982
|
}
|
1940
|
1983
|
}
|
1941
|
1984
|
|
... |
... |
@@ -1945,7 +1988,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1945
|
1988
|
if (!dpy) {
|
1946
|
1989
|
prefix (inputfilename, lineno);
|
1947
|
1990
|
fprintf (stderr, "unable to open display \"%s\".\n", displayname);
|
1948
|
|
- return 1;
|
|
1991
|
+ status = 1;
|
|
1992
|
+ goto exit_generate;
|
1949
|
1993
|
}
|
1950
|
1994
|
|
1951
|
1995
|
status = XSecurityQueryExtension(dpy, &major_version, &minor_version);
|
... |
... |
@@ -1954,7 +1998,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1954
|
1998
|
prefix (inputfilename, lineno);
|
1955
|
1999
|
fprintf (stderr, "couldn't query Security extension on display \"%s\"\n",
|
1956
|
2000
|
displayname);
|
1957
|
|
- return 1;
|
|
2001
|
+ status = 1;
|
|
2002
|
+ goto exit_generate;
|
1958
|
2003
|
}
|
1959
|
2004
|
|
1960
|
2005
|
/* fill in input Xauth struct */
|
... |
... |
@@ -1979,7 +2024,8 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1979
|
2024
|
{
|
1980
|
2025
|
prefix (inputfilename, lineno);
|
1981
|
2026
|
fprintf (stderr, "couldn't generate authorization\n");
|
1982
|
|
- return 1;
|
|
2027
|
+ status = 1;
|
|
2028
|
+ goto exit_generate;
|
1983
|
2029
|
}
|
1984
|
2030
|
|
1985
|
2031
|
if (verbose)
|
... |
... |
@@ -1994,10 +2040,12 @@ do_generate(const char *inputfilename, int lineno, int argc, const char **argv) |
1994
|
2040
|
|
1995
|
2041
|
status = do_add(inputfilename, lineno, 4, args);
|
1996
|
2042
|
|
1997
|
|
- if (authdata) free(authdata);
|
|
2043
|
+ exit_generate:
|
|
2044
|
+ free(authdata);
|
1998
|
2045
|
XSecurityFreeXauth(auth_in);
|
1999
|
2046
|
XSecurityFreeXauth(auth_return);
|
2000
|
2047
|
free(hex);
|
2001
|
|
- XCloseDisplay(dpy);
|
|
2048
|
+ if (dpy != NULL)
|
|
2049
|
+ XCloseDisplay(dpy);
|
2002
|
2050
|
return status;
|
2003
|
2051
|
} |