N_AUTH_PROTOS
};
+#define AUTH_PROTO_XDM_AUTHORIZATION "XDM-AUTHORIZATION-1"
+#define AUTH_PROTO_MIT_MAGIC_COOKIE "MIT-MAGIC-COOKIE-1"
+
static char *authnames[N_AUTH_PROTOS] = {
#ifdef HASXDMAUTH
- "XDM-AUTHORIZATION-1",
+ AUTH_PROTO_XDM_AUTHORIZATION,
#endif
- "MIT-MAGIC-COOKIE-1",
+ AUTH_PROTO_MIT_MAGIC_COOKIE,
+};
+
+static int authnameslen[N_AUTH_PROTOS] = {
+#ifdef HASXDMAUTH
+ sizeof(AUTH_PROTO_XDM_AUTHORIZATION) - 1,
+#endif
+ sizeof(AUTH_PROTO_MIT_MAGIC_COOKIE) - 1,
};
static size_t memdup(char **dst, void *src, size_t len)
static int authname_match(enum auth_protos kind, char *name, size_t namelen)
{
- if(strlen(authnames[kind]) != namelen)
+ if(authnameslen[kind] != namelen)
return 0;
if(memcmp(authnames[kind], name, namelen))
return 0;
unsigned short family;
char hostnamebuf[256]; /* big enough for max hostname */
char dispbuf[40]; /* big enough to hold more than 2^64 base 10 */
- int authnamelens[N_AUTH_PROTOS];
- int i;
+ int dispbuflen;
family = FamilyLocal; /* 256 */
switch(sockname->sa_family)
return 0; /* cannot authenticate this family */
}
- snprintf(dispbuf, sizeof(dispbuf), "%d", display);
+ dispbuflen = snprintf(dispbuf, sizeof(dispbuf), "%d", display);
+ if(dispbuflen < 0)
+ return 0;
+ /* snprintf may have truncate our text */
+ dispbuflen = MIN(dispbuflen, sizeof(dispbuf) - 1);
if (family == FamilyLocal) {
if (gethostname(hostnamebuf, sizeof(hostnamebuf)) == -1)
addrlen = strlen(addr);
}
- for (i = 0; i < N_AUTH_PROTOS; i++)
- authnamelens[i] = strlen(authnames[i]);
return XauGetBestAuthByAddr (family,
(unsigned short) addrlen, addr,
- (unsigned short) strlen(dispbuf), dispbuf,
- N_AUTH_PROTOS, authnames, authnamelens);
+ (unsigned short) dispbuflen, dispbuf,
+ N_AUTH_PROTOS, authnames, authnameslen);
}
#ifdef HASXDMAUTH
struct sockaddr_in6 *si6 = (struct sockaddr_in6 *) sockname;
if(IN6_IS_ADDR_V4MAPPED(SIN6_ADDR(sockname)))
{
- APPEND(info->data, j, si6->sin6_addr.s6_addr[12]);
+ do_append(info->data, &j, &si6->sin6_addr.s6_addr[12], 4);
APPEND(info->data, j, si6->sin6_port);
}
else
char sockbuf[sizeof(struct sockaddr) + MAXPATHLEN];
unsigned int socknamelen = sizeof(sockbuf); /* need extra space */
struct sockaddr *sockname = (struct sockaddr *) &sockbuf;
+ int gotsockname = 0;
Xauth *authptr = 0;
int ret = 1;
+ /* Some systems like hpux or Hurd do not expose peer names
+ * for UNIX Domain Sockets, but this is irrelevant,
+ * since compute_auth() ignores the peer name in this
+ * case anyway.*/
if (getpeername(fd, sockname, &socknamelen) == -1)
- return 0; /* can only authenticate sockets */
+ {
+ if (sockname->sa_family != AF_UNIX)
+ return 0; /* except for AF_UNIX, sockets should have peernames */
+ if (getsockname(fd, sockname, &socknamelen) == -1)
+ return 0; /* can only authenticate sockets */
+ gotsockname = 1;
+ }
authptr = get_authptr(sockname, socknamelen, display);
if (authptr == 0)
return 0; /* cannot find good auth data */
info->namelen = memdup(&info->name, authptr->name, authptr->name_length);
- if(info->namelen)
- ret = compute_auth(info, authptr, sockname);
+ if (!info->namelen)
+ goto no_auth; /* out of memory */
+
+ if (!gotsockname && getsockname(fd, sockname, &socknamelen) == -1)
+ {
+ free(info->name);
+ goto no_auth; /* can only authenticate sockets */
+ }
+
+ ret = compute_auth(info, authptr, sockname);
if(!ret)
{
- free(info->name);
- info->name = 0;
- info->namelen = 0;
+ free(info->name);
+ goto no_auth; /* cannot build auth record */
}
+
XauDisposeAuth(authptr);
return ret;
+
+ no_auth:
+ info->name = 0;
+ info->namelen = 0;
+ XauDisposeAuth(authptr);
+ return 0;
}
projects / free-sw / xcb / libxcb / blobdiff