summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Remove "All rights reserved" from Oracle copyright noticesAlan Coopersmith2023-02-251-1/+1
| | | | | | Oracle no longer includes this term in our copyright & license notices. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Handle arrays too large to fit in iceConn buffersAlan Coopersmith2022-12-043-19/+67
| | | | | | | | | | | | | | | | | | | Fixes numerous gcc warnings of the form: sm_client.c: In function ‘SmcOpenConnection’: SMlibint.h:109:25: warning: potential null pointer dereference [-Wnull-dereference] *((CARD32 *) _pBuf) = _val; \ SMlibint.h:160:5: note: in expansion of macro ‘STORE_CARD32’ STORE_CARD32 (_pBuf, (CARD32) _len); \ ^~~~~~~~~~~~ sm_client.c:207:5: note: in expansion of macro ‘STORE_ARRAY8’ STORE_ARRAY8 (pData, len, previousId); ^~~~~~~~~~~~ v2: Raise required libICE version to 1.1.0 to get the updated IceGetHeaderExtra macro definition needed for this to work correctly. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* SmcCloseConnection: remove unnecessary cast from free()Alan Coopersmith2022-12-041-1/+1
| | | | | | | commit b17f93a1d041e63261ff followed the style of the time it was written, before commit e77dd2e4bc8227 had removed them. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Fix some potential memory leaks in SmcCloseConnection().Kim Woelders2022-08-261-0/+16
| | | | | Signed-off-by: Kim Woelders <kim@woelders.dk> Reviewed-by: Corbin Simpson <MostAwesomeDude@gmail.com>
* Fix spelling/wording issuesAlan Coopersmith2022-03-051-1/+1
| | | | | | | Found by using: codespell --builtin clear,rare,usage,informal,code,names Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Fixed out ouf boundary accesses.Tobias Stoeckmann2018-09-302-163/+229
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Out of boundary accesses can occur while processing messages. This affects clients and the session server. Generally, the code tries to prevent out of boundary accesses. It initially "skips" over the memory areas by parsing supplied lengths. Then, it checks if it skipped over the memory boundary. If not, then data is actually read and memory allocated, etc. The problem is that while initially skipping over the memory, subsequent lengths are already parsed, i.e. accessed. This results in out of boundary reads on hostile messages. Lengths could also overflow on 32 bit systems, leading to out of boundary writes if not enough bytes have been allocated. Authentication is handled by libICE, which is not affected, because the macros for skipping already take care about memory boundaries. Therefore, this flaw can only be used by authenticated clients or by hostile servers (which could simply accept every MIT cookie). Most session managers only use Unix sockets, so in many cases it takes a local authenticated user. In order to fix this, I decided to move the macros from SMlibint.h to its only callers in sm_process.c, turning them into functions for much easier error handling and readability. Instead of skipping over the memory, validation happens during actual read and memory allocation operations, as it's rather unlikely to encounter hostile code anyway, i.e. my code has more error cleanup handling in it. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
* Get rid of strcpy() in the HAVE_UUID_CREATE caseMatthieu Herrb2015-10-201-5/+4
| | | | | | | Even though this use was safe, some linkers produce a warning when strcpy() is used, and this is the only use in libSM. Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Fix uuid_to_string(3) typeMatthieu Herrb2015-10-201-1/+1
| | | | | | It should be char *. Reviewed-by: Adam Jackson <ajax@redhat.com>
* Include unistd.h for getpid()Jon TURNEY2015-04-101-0/+1
| | | | | Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk> Reviewed-by: David Macek <david.macek.0@gmail.com>
* Stop compiling empty sm_auth.c stubAlan Coopersmith2013-11-221-1/+2
| | | | | | | | | | File exists as a placeholder in case someone someday decides to add additional auth methods on top of what libICE provides, but it's been two decades and no one has, so stop spending time compiling & linking for now. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Adam Jackson <ajax@redhat.com>
* Fix some clang warnings about integer size/sign conversionsAlan Coopersmith2013-08-096-16/+16
| | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* unifdef WORD64 (leftover bits of Cray support)Alan Coopersmith2013-08-091-46/+0
| | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Constify previous_id argument to SmcOpenConnectionAlan Coopersmith2013-08-091-1/+1
| | | | | | | | | Clears gcc warning of: sm_client.c: In function 'SmcOpenConnection': sm_client.c:199:13: warning: assignment discards 'const' qualifier from pointer target type [enabled by default] Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* unifdef -U__UNIXOS2__Alan Coopersmith2013-01-042-9/+0
| | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Remove unused TLI ("STREAMSCONN") code from libSMAlan Coopersmith2012-12-261-2/+2
| | | | | | | | | Has never been converted to build in modular builds, so has been unusable since X11R7.0 release in 2005. All known platforms with TLI/XTI support that X11R7 & later releases run on also have (and mostly prefer) BSD socket support for their networking API. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* unifdef -ULynxAlan Coopersmith2011-12-091-5/+1
| | | | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: James Cloos <cloos@jhcloos.com>
* SmsInitialize: Mark vendor & release args as const char *Alan Coopersmith2011-12-091-1/+2
| | | | | | | Needed to fix gcc -Wwrite-strings arguments in callers such as xsm. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
* Remove a bunch of unnecessary casts with malloc & free callsAlan Coopersmith2011-12-095-28/+25
| | | | | | | | | With modern compilers and headers, they cause more problems than they solve and just hide real issues. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: James Cloos <cloos@jhcloos.com>
* Replace malloc(strlen) + strcpy sets with strdup callsAlan Coopersmith2011-12-094-33/+9
| | | | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Mark Kettenis <kettenis@openbsd.org> Reviewed-by: James Cloos <cloos@jhcloos.com>
* Reindent IPv4 code to match IPv6 codeAlan Coopersmith2011-12-091-27/+27
| | | | | | | Takes care of the other block of code confusingly sharing indent levels Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
* Move variable declarations to get rid of unnecessary scope bracketsAlan Coopersmith2011-12-091-6/+6
| | | | | | | | Gets rid of one of the multiple levels of bracketing that confusingly shared the same indent level. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
* Move and rename temp[4] definition to reduce confusion with temp[256]Alan Coopersmith2011-12-091-5/+7
| | | | | | | | | | | Both variables were locals in different scope levels of the same function, leading to both confusing code and gcc -Wshadow warnings: sm_genid.c: In function 'SmsGenerateClientID': sm_genid.c:160:10: warning: declaration of 'temp' shadows a previous local Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
* Use imdent to make multiple levels of nested #if easier to followAlan Coopersmith2011-12-091-36/+36
| | | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: James Cloos <cloos@jhcloos.com>
* Strip trailing whitespaceAlan Coopersmith2011-09-164-12/+12
| | | | | | | Performed with: find * -type f | xargs perl -i -p -e 's{[ \t]+$}{}' git diff -w & git diff -b show no diffs from this change Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* config: splitting SM and XTRANS compiler options is not requiredGaetan Nadon2011-02-021-2/+3
| | | | | | Simplify configuration by using a single PKG_CHECK_MODULES statement. Signed-off-by: Gaetan Nadon <memsize@videotron.ca>
* Sun's copyrights belong to Oracle nowAlan Coopersmith2010-11-211-1/+1
| | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Purge cvs tags.Jesse Adkins2010-10-066-17/+0
| | | | | Signed-off-by: Jesse Adkins <jesserayadkins@gmail.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Fix off by one error in SmsGenerateClientID when uuid_create is usedAlexander Kabaev2010-05-261-1/+1
| | | | | | | | | | Fix apparent typo in SmsGenerateClientID which always leaves the first byte of allocated id string uninitialized. If that byte happens to be 0, SmsGenerateClientId appears to return an empty string to the caller, instead of proper GUID in text form. Reviewed-by: James CLoos <cloos@jhcloos.com> Signed-off-by: Adam Jackson <ajax@redhat.com>
* Update Sun license notices to current X.Org standard formAlan Coopersmith2010-01-141-1/+24
| | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
* Revert "Fix memory leak for SM_DeleteProperties"Alan Coopersmith2009-11-161-1/+0
| | | | | | | This reverts commit 58aa8879e10b12e478ab14b90afd1001b4abd316. Fixes gnome-session crashes due to double frees, as reported in http://bugs.freedesktop.org/show_bug.cgi?id=24964
* Fix memory leak for SM_DeletePropertiesMichael Jansen2009-10-141-0/+1
| | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
* Migrate to xorg macros 1.3 & XORG_DEFAULT_OPTIONSAlan Coopersmith2009-10-091-1/+1
| | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
* libSM 1.1.1, update libtool versionlibSM-1.1.1Rémi Cardona2009-08-071-1/+1
|
* Use FreeBSD uuid functions when available.Diego Elio 'Flameeyes' Pettenò2009-08-031-2/+23
| | | | | | If the system provide the uuid_create function assume building on FreeBSD or another OS with a compatible uuid interface. If that's the case, ignore libuuid and just use the system functions without extra deps.
* Janitor: ansification, make distcheck, compiler warnings.Paulo Cesar Pereira de Andrade2009-01-2810-307/+96
|
* avoid gcc warnings for libSMPaulo Cesar Pereira de Andrade2008-11-292-16/+10
| | | | | | Patch from http://bugs.freedesktop.org/show_bug.cgi?id=17968 adapted to current sources. This corrects a potential (hypothetical) segmentation fault.
* Bug #17644: Fix valgrind warning in _SmcProcessMessageCaolan McNamara2008-10-171-3/+1
|
* Avoid memcpy(foo, NULL, n), that's just nonsense.Adam Jackson2008-07-021-1/+2
|
* Bug #14949: Don't use gethostbyname() for client IDs.Dan Williams2008-06-242-2/+29
| | | | | gethostbyname() will hit the network, which leads to DNS timeouts, which leads to fail. Just use UUIDs.
* Another tiny char* vs const char* fix.Tilman Sauerbeck2007-05-131-1/+1
|
* Revert "Don't reinvent the wheel and just use strdup()."Tilman Sauerbeck2007-05-131-1/+4
| | | | This reverts commit 57ea148fdbf047a012b361acdc7954e70679dad3.
* Removed some global writable variables.Tilman Sauerbeck2007-05-134-33/+29
|
* Don't reinvent the wheel and just use strdup().Tilman Sauerbeck2007-05-131-4/+1
|
* Fixed some const vs non-const mix ups.Tilman Sauerbeck2007-05-131-2/+2
|
* Sanitized hex string conversion in SmsGenerateClientID().Tilman Sauerbeck2007-05-131-45/+16
| | | | | This reduces the size of the DSO by almost 4K and gets rid of 255 relocations on load.
* renamed: .cvsignore -> .gitignoreAlan Coopersmith2006-07-131-0/+0
|
* From Patch #6046 <https://bugs.freedesktop.org/attachment.cgi?id=6046>Alan Coopersmith2006-06-261-1/+5
| | | | freeaddrinfo() in error handling return (Peter Breitenlohner)
* Specs say SmsInitialize & SmcOpenConnection return NULL terminated stringsXORG-7_0_99_901Alan Coopersmith2006-03-172-17/+40
| | | | | | in errorStringRet, but were just calling strncpy and not making sure strings were NULL terminated if errorLength wasn't long enough. (Noticed while evaluating Coverity ids 196 & 201.)
* See ChangeLog entry 2005-11-07 for details.XORG-6_8_99_903XORG-6_8_99_902Kean Johnson2005-11-081-1/+1
|
* Set soversion to 6.0.0 using -version-number.Daniel Stone2005-07-161-1/+1
|
View Lorry Controller Status