Improve 'uniqueness' of authorization cookie sent by client for XDM-AUTHORIZATION-1. Old 'uniquness' consisted of the PID of the client, a time stamp (in seconds) and a number obtained by starting to count down from 0xffff. When a client did an XOpenDisplay() then execv'ed a child and did XOpenDisplay() again within the same second, the cookie was identical to the previous one (as the PID did not change but the static 'count down' variable was reinitialized) and thus refused by the server.

1 files changed, 10 insertions, 5 deletions

diff --git a/src/ConnDis.c b/src/ConnDis.c
index 126c2683..04cab302 100644
--- a/src/ConnDis.c
+++ b/src/ConnDis.c
@@ -1,4 +1,4 @@
-/* $XdotOrg: lib/X11/src/ConnDis.c,v 1.3 2004-04-24 23:39:25 alanc Exp $ */
+/* $XdotOrg: lib/X11/src/ConnDis.c,v 1.4 2004-05-24 19:02:11 eich Exp $ */
 /* $Xorg: ConnDis.c,v 1.8 2001/02/09 02:03:31 xorgcvs Exp $ */
 /*
  
@@ -1127,15 +1127,20 @@ GetAuthorization(
 	    static unsigned long    unix_addr = 0xFFFFFFFF;
 	    unsigned long	the_addr;
 	    unsigned short	the_port;
+	    unsigned long	the_utime;
+	    struct timeval      tp;
 	    
+	    X_GETTIMEOFDAY(&tp);
 	    _XLockMutex(_Xglobal_lock);
 	    the_addr = unix_addr--;
 	    _XUnlockMutex(_Xglobal_lock);
+	    the_utime = (unsigned long) tp.tv_usec;
 	    the_port = getpid ();
-
-	    xdmcp_data[j++] = (the_addr >> 24) & 0xFF;
-	    xdmcp_data[j++] = (the_addr >> 16) & 0xFF;
-	    xdmcp_data[j++] = (the_addr >>  8) & 0xFF;
+	    
+	    xdmcp_data[j++] = (the_utime >> 24) & 0xFF;
+	    xdmcp_data[j++] = (the_utime >> 16) & 0xFF;
+	    xdmcp_data[j++] = ((the_utime >>  8) & 0xF0)
+		| ((the_addr >>  8) & 0x0F);
 	    xdmcp_data[j++] = (the_addr >>  0) & 0xFF;
 	    xdmcp_data[j++] = (the_port >>  8) & 0xFF;
 	    xdmcp_data[j++] = (the_port >>  0) & 0xFF;