| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Handle arbitrary length data in the same fashion as other calls,
avoiding need to ensure it fits all in the request buffer.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two users of GetReqExtra pass arbitrarily sized allocations from the
caller (ModMap and Host). Adjust _XGetRequest() (called by the GetReqExtra
macro) to double-check the requested length and invalidate "req" when
this happens. Users of GetReqExtra passing lengths greater than the Xlib
buffer size (normally 16K) must check "req" and fail gracefully instead
of crashing.
Any callers of GetReqExtra that do not check "req" for NULL
will experience this change, in the pathological case, as a NULL
dereference instead of a buffer overflow. This is an improvement, but
the documentation for GetReqExtra has been updated to reflect the need
to check the value of "req" after the call.
Bug that manifested the problem:
https://bugs.launchpad.net/ubuntu/+source/x11-xserver-utils/+bug/792628
Signed-off-by: Kees Cook <kees@outflux.net>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[For all of these, LONG_MAX was the correct value to prevent overflows
for the recent CVEs. Lowering to INT_MAX catches buggy replies from
the server that 32-bit clients would reject but 64-bit would accept,
so we catch bugs sooner, and really, no sane & working server should
ever report more than 2gb of extension names, font path entries,
key modifier maps, etc. -alan- ]
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
clang complained (correctly):
warning: comparison of constant 768614336404564650 with expression
of type 'CARD32' (aka 'unsigned int') is always true
[-Wtautological-constant-out-of-range-compare]
[While LONG_MAX is correct, since it's used in size_t math, the
numbers have to be limited to 32-bit range to be usable by 32-bit
clients, and values beyond that range are far more likely to be
bugs in the data from the server than valid numbers of characters
in a font. -alan- ]
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
| |
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
| |
It seems useless to do that since the code tests for both source
length and destination to be non-zero. This fixes a cut'n'paste
problem in xterm where the paste length was limited to 1024 (BUFSIZ)
in button.c.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit looks a bit crazy at first glance. It (re-)introduces lots
of whitespaces and bad formatting.
Explanation: Backporting upstream changes lead to commits being
applied out of order. This meant a lot of manual intervention which in
turn lead to slight differences between upstream and NX.
With this commit these slight differences are minimized which will be
of great help when adding further upstream patches.
|
|
|
|
|
|
|
| |
Better to silence the compiler warning than break ABI.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Inspired by a pattern in NoMachine's NX. Consistently zeroed buffers
compress better with ssh and friends. Note that you'll need to rebuild
all your protocol libraries to take advantage of this.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
| |
Using uninitialized value "error.resourceID" in call to function "_XError"
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Called from XrmGetFileDatabase() which gets called from InitDefaults()
which gets the filename from getenv ("XENVIRONMENT")
If file is exactly 0xffffffff bytes long (or longer and truncates to
0xffffffff, on implementations where off_t is larger than an int),
then size may be set to a value which overflows causing less memory
to be allocated than is written to by the following read() call.
size is left limited to an int, because if your Xresources file is
larger than 2gb, you're very definitely doing it wrong.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
| |
XFree colormap_ret and initialize it when appropriate.
Variable "colormap_ret" goes out of scope
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
| |
_XimLocalMbLookupString can return a braille keysym even if _Xlcwctomb can't
convert to the current MB charset.
_XimLocalUtf8LookupString needs to set the braille keysym and status too.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
| |
This reverts commit 8866f80d9f42e02093058cab027edbf127118105.
That commit had been edited and was incomplete, by reverting
and re-applying we get it right.
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
| |
We have the same commit for XKBGAlloc.c but it was missing here since
upstream has dropped OpenDis.c when they switched to XCB.
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
| |
Fixes builds with Solaris Studio 12.3 when lint is enabled, since it no
longer ignores *.h files, but complains when they reference undefined
typedefs or macros.
Signed-off-by: Niveditha Rau <Niveditha.Rau@Oracle.COM>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes small memory leak introduced in commit 5669a22081
Reported-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Hint: Upstream commit 5669a22081 is "integer overflow in _XF86BigfontQueryFont() [CVE-2013-1981 2/13]"
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The size of the arrays is max_key_code + 1. This makes these functions
consistent with the other checks added for CVE-2013-1997.
Also check the XkbGetNames reply when names->keys was just allocated.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Tested-by: Colin Walters <walters@verbum.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
| |
This reverts commit b092864a39bbcd4f34c5c26a7cd0df90e235815d.
We will use the proper libX11 upstream patches now.
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
| |
While the C standard technically allows for the compiler to translate
pointer = 0 or pointer = NULL into something other than filling the
pointer address with 0 bytes, the rest of the Xlib code already assumes
that calloc initializes any pointers in the struct to NULL, and there
are no known systems supported by X.Org where this is not true.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
| |
Don't provide a fallback definition #ifdef X_NOT_POSIX anymore.
We already use size_t throughout the rest of Xlib, just had this
one instance left in XKBGAlloc.c of a fallback definition.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
| |
Leftovers from XKB files that were previously shared between the client
and server code, but aren't any more.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
| |
You could analyze most of these and quickly recognize that there was no
chance of buffer overflow already, but why make everyone spend time doing
that when we can just make it obviously safe?
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Makes it easier for readers to understand scope of variable usage, and
clears up gcc warning:
KeysymStr.c: In function 'XKeysymToString':
KeysymStr.c:128:13: warning: declaration of 'i' shadows a previous local [-Wshadow]
KeysymStr.c:73:18: warning: shadowed declaration is here [-Wshadow]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Casts were annoying gcc by dropping constness when changing types,
when routines simply either copy data into the request buffer or
send it directly to the X server, and never modify the input.
Fixes gcc warnings including:
ChProp.c: In function 'XChangeProperty':
ChProp.c:65:6: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
ChProp.c:65:6: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
ChProp.c:74:6: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
ChProp.c:74:6: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
ChProp.c:83:6: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
SetHints.c: In function 'XSetStandardProperties':
SetHints.c:262:20: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
SetPntMap.c: In function 'XSetPointerMapping':
SetPntMap.c:46:5: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
SetPntMap.c:46:5: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
StBytes.c: In function 'XStoreBuffer':
StBytes.c:97:33: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
StName.c: In function 'XStoreName':
StName.c:40:27: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
StName.c: In function 'XSetIconName':
StName.c:51:27: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
| |
Fixes gcc warning:
StrKeysym.c:97:17: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
| |
C89 defines memcpy as taking a const void *, so casting from
const unsigned char * to char * simply angers gcc for no benefit:
KeyBind.c:1017:24: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes gcc warning:
cmsColNm.c: In function 'FirstCmp':
cmsColNm.c:257:20: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
cmsColNm.c:257:45: warning: cast discards '__attribute__((const))' qualifier from pointer target type [-Wcast-qual]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
| |
Has never been converted to build in modular builds, so has been unusable
since X11R7.0 release in 2005. DNETCONN support was removed from xtrans
back in 2008.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
| |
Has never been converted to build in modular builds, so has been unusable
since X11R7.0 release in 2005. All known platforms with TLI/XTI support
that X11R7 & later releases run on also have (and mostly prefer) BSD
socket support for their networking API.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
| |
The path to this file is configurable at build time. The source
however contains a hard coded path.
Signed-off-by: Egbert Eich <eich@freedesktop.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
| |
Private is a struct member name in mingw-w64 <winioctl.h>, causing this
useless define in a private header to break the build.
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes leaks in error paths found by Parfait 1.0.0:
Error: X Resource Leak
Leaked X Resource pix
at line 62 of CrBFData.c in function 'XCreateBitmapFromData'.
pix initialized at line 60 with XCreatePixmap
Error: X Resource Leak
Leaked X Resource pix
at line 70 of CrPFBData.c in function 'XCreatePixmapFromBitmapData'.
pix initialized at line 66 with XCreatePixmap
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
| |
When we dequeue an event in XCheckTypedEvent or XCheckTypedWindowEvent,
make sure to store the corresponding cookie too.
Signed-off-by: Philipp Reh <sefi@s-e-f-i.de>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
| |
This will prevent a number of false positives in where clang's
static analysis reports about calls to malloc(0).
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This provides a simplified version of the SetReqLen macro when using clang for
static analysis. Prior to this change, we would see many Idempotent operation
warnings inside this macro due to the common case of calling with arg2 and
arg3 being the same variable. This has no effect on code produced during
compilation, but it silences a number of false positives in static analysis.
XIPassiveGrab.c:170:5: warning: Assigned value is always the same as the existing value
SetReqLen(req, num_modifiers, num_modifiers);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from XIPassiveGrab.c:26:
.../nx-X11/lib/X11/Xlibint.h:580:8: note: instantiated from:
n = badlen; \
^
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
| |
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
| |
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IsModifierKey, defined in include/X11/Xutil.h, is a macro determining,
which keys are regarded as modifiers. The constants ISO_Level5_Shift,
ISO_Level5_Latch and ISO_Level5_Lock where excluded previously, leaving
some Neo2 modifiers functionless in combination with compose.
This patch adjusts the range to include the correct, full range of
modifier constants.
Neo2 Bug 277 <http://wiki.neo-layout.org/ticket/277>
X.Org Bug 21910 <http://bugs.freedesktop.org/show_bug.cgi?id=21910>
Signed-off-by: Bodo Graumann <mail@bodograumann.de>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
| |
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|