xserver: Branch 'server-1.19-branch' - 3 commits
Adam Jackson
ajax at kemper.freedesktop.org
Tue Feb 28 19:30:30 UTC 2017
configure.ac | 5 ++++-
include/dix-config.h.in | 9 +++++++++
include/os.h | 5 +++++
os/auth.c | 14 ++++++++++----
os/mitauth.c | 15 +--------------
os/osdep.h | 6 ------
os/rpcauth.c | 6 ------
os/timingsafe_memcmp.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
os/xdmauth.c | 27 ---------------------------
9 files changed, 74 insertions(+), 58 deletions(-)
New commits:
commit b0298c02f0383760be899448fa666d0ea56f5d79
Author: Matthieu Herrb <matthieu at herrb.eu>
Date: Tue Feb 28 19:18:56 2017 +0100
auth: remove AuthToIDFunc and associated functions. Not used anymore.
And the current code for MitToId has a use-after-free() issue.
[Also remove the actual implementations - ajax]
Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
(cherry picked from commit 2855f759b1e7bf7f5e57cac36c1f0d0e5ac1a683)
diff --git a/os/auth.c b/os/auth.c
index 81164a2..41b625d 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -55,7 +55,6 @@ struct protocol {
AuthAddCFunc Add; /* new authorization data */
AuthCheckFunc Check; /* verify client authorization data */
AuthRstCFunc Reset; /* delete all authorization data entries */
- AuthToIDFunc ToID; /* convert cookie to ID */
AuthFromIDFunc FromID; /* convert ID to cookie */
AuthRemCFunc Remove; /* remove a specific cookie */
#ifdef XCSECURITY
@@ -66,7 +65,7 @@ struct protocol {
static struct protocol protocols[] = {
{(unsigned short) 18, "MIT-MAGIC-COOKIE-1",
MitAddCookie, MitCheckCookie, MitResetCookie,
- MitToID, MitFromID, MitRemoveCookie,
+ MitFromID, MitRemoveCookie,
#ifdef XCSECURITY
MitGenerateCookie
#endif
@@ -74,7 +73,7 @@ static struct protocol protocols[] = {
#ifdef HASXDMAUTH
{(unsigned short) 19, "XDM-AUTHORIZATION-1",
XdmAddCookie, XdmCheckCookie, XdmResetCookie,
- XdmToID, XdmFromID, XdmRemoveCookie,
+ XdmFromID, XdmRemoveCookie,
#ifdef XCSECURITY
NULL
#endif
@@ -83,7 +82,7 @@ static struct protocol protocols[] = {
#ifdef SECURE_RPC
{(unsigned short) 9, "SUN-DES-1",
SecureRPCAdd, SecureRPCCheck, SecureRPCReset,
- SecureRPCToID, SecureRPCFromID, SecureRPCRemove,
+ SecureRPCFromID, SecureRPCRemove,
#ifdef XCSECURITY
NULL
#endif
diff --git a/os/mitauth.c b/os/mitauth.c
index efae440..e75d700 100644
--- a/os/mitauth.c
+++ b/os/mitauth.c
@@ -97,19 +97,6 @@ MitResetCookie(void)
return 0;
}
-XID
-MitToID(unsigned short data_length, char *data)
-{
- struct auth *auth;
-
- for (auth = mit_auth; auth; auth = auth->next) {
- if (data_length == auth->len &&
- memcmp(data, auth->data, data_length) == 0)
- return auth->id;
- }
- return (XID) -1;
-}
-
int
MitFromID(XID id, unsigned short *data_lenp, char **datap)
{
diff --git a/os/osdep.h b/os/osdep.h
index 90a247f..a0d57b8 100644
--- a/os/osdep.h
+++ b/os/osdep.h
@@ -113,9 +113,6 @@ typedef int (*AuthRemCFunc) (AuthRemCArgs);
#define AuthRstCArgs void
typedef int (*AuthRstCFunc) (AuthRstCArgs);
-#define AuthToIDArgs unsigned short data_length, char *data
-typedef XID (*AuthToIDFunc) (AuthToIDArgs);
-
typedef void (*OsCloseFunc) (ClientPtr);
typedef int (*OsFlushFunc) (ClientPtr who, struct _osComm * oc, char *extraBuf,
@@ -185,7 +182,6 @@ extern void GenerateRandomData(int len, char *buf);
/* in mitauth.c */
extern XID MitCheckCookie(AuthCheckArgs);
extern XID MitGenerateCookie(AuthGenCArgs);
-extern XID MitToID(AuthToIDArgs);
extern int MitAddCookie(AuthAddCArgs);
extern int MitFromID(AuthFromIDArgs);
extern int MitRemoveCookie(AuthRemCArgs);
@@ -194,7 +190,6 @@ extern int MitResetCookie(AuthRstCArgs);
/* in xdmauth.c */
#ifdef HASXDMAUTH
extern XID XdmCheckCookie(AuthCheckArgs);
-extern XID XdmToID(AuthToIDArgs);
extern int XdmAddCookie(AuthAddCArgs);
extern int XdmFromID(AuthFromIDArgs);
extern int XdmRemoveCookie(AuthRemCArgs);
@@ -205,7 +200,6 @@ extern int XdmResetCookie(AuthRstCArgs);
#ifdef SECURE_RPC
extern void SecureRPCInit(AuthInitArgs);
extern XID SecureRPCCheck(AuthCheckArgs);
-extern XID SecureRPCToID(AuthToIDArgs);
extern int SecureRPCAdd(AuthAddCArgs);
extern int SecureRPCFromID(AuthFromIDArgs);
extern int SecureRPCRemove(AuthRemCArgs);
diff --git a/os/rpcauth.c b/os/rpcauth.c
index 5680489..33260db 100644
--- a/os/rpcauth.c
+++ b/os/rpcauth.c
@@ -175,12 +175,6 @@ SecureRPCReset(void)
return 1;
}
-_X_HIDDEN XID
-SecureRPCToID(unsigned short data_length, char *data)
-{
- return rpc_id;
-}
-
_X_HIDDEN int
SecureRPCFromID(XID id, unsigned short *data_lenp, char **datap)
{
diff --git a/os/xdmauth.c b/os/xdmauth.c
index cb2e39e..c35cade 100644
--- a/os/xdmauth.c
+++ b/os/xdmauth.c
@@ -411,33 +411,6 @@ XdmResetCookie(void)
return 1;
}
-XID
-XdmToID(unsigned short cookie_length, char *cookie)
-{
- XdmAuthorizationPtr auth;
- XdmClientAuthPtr client;
- unsigned char *plain;
-
- plain = malloc(cookie_length);
- if (!plain)
- return (XID) -1;
- for (auth = xdmAuth; auth; auth = auth->next) {
- XdmcpUnwrap((unsigned char *) cookie, (unsigned char *) &auth->key,
- plain, cookie_length);
- if ((client =
- XdmAuthorizationValidate(plain, cookie_length, &auth->rho, NULL,
- NULL)) != NULL) {
- free(client);
- free(cookie);
- free(plain);
- return auth->id;
- }
- }
- free(cookie);
- free(plain);
- return (XID) -1;
-}
-
int
XdmFromID(XID id, unsigned short *data_lenp, char **datap)
{
commit ab15f65fe5d6d50e705c1064a6a5c1a0c2a8e045
Author: Matthieu Herrb <matthieu at herrb.eu>
Date: Tue Feb 28 19:18:43 2017 +0100
Use arc4random_buf(3) if available to generate cookies.
Reviewed-by: Adam Jackson <ajax at redhat.com>
Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
(cherry picked from commit 957e8db38f27932d353e86e9aa69cf16778b18f1)
diff --git a/configure.ac b/configure.ac
index 62cd547..610de09 100644
--- a/configure.ac
+++ b/configure.ac
@@ -225,6 +225,8 @@ AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup\
timingsafe_memcmp])
AM_CONDITIONAL(POLL, [test "x$ac_cv_func_poll" = "xyes"])
+AC_CHECK_LIB([bsd], [arc4random_buf])
+
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
dnl Check for SO_PEERCRED #define
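Review bot: `AC_CHECK_LIB([bsd], [arc4random_buf])` only defines `HAVE_LIBBSD` and adds `-lbsd` to `LIBS`; nothing in this hunk defines `HAVE_ARC4RANDOM_BUF`, the macro this commit adds to include/dix-config.h.in. Unless `arc4random_buf` already appears in an `AC_CHECK_FUNCS` list outside the visible hunks, the new branch in `GenerateRandomData()` stays disabled and cookies keep coming from the `/dev/urandom` path, including on systems whose libc provides the function. Adding `AC_CHECK_FUNCS([arc4random_buf])` after the library check would set the macro. The library check also does not confirm that `<bsd/stdlib.h>` is installed, which os/auth.c includes whenever `HAVE_LIBBSD` is set.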
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 4b86c1a..d357910 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -125,6 +125,9 @@
/* Build a standalone xpbproxy */
#undef STANDALONE_XPBPROXY
+/* Define to 1 if you have the `bsd' library (-lbsd). */
+#undef HAVE_LIBBSD
+
/* Define to 1 if you have the `m' library (-lm). */
#undef HAVE_LIBM
@@ -161,6 +164,9 @@
/* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
#undef HAVE_RPCSVC_DBM_H
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
/* Define to use libc SHA1 functions */
#undef HAVE_SHA1_IN_LIBC
diff --git a/os/auth.c b/os/auth.c
index 7da6fc6..81164a2 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -45,6 +45,9 @@ from The Open Group.
#ifdef WIN32
#include <X11/Xw32defs.h>
#endif
+#ifdef HAVE_LIBBSD
+#include <bsd/stdlib.h> /* for arc4random_buf() */
+#endif
struct protocol {
unsigned short name_length;
@@ -303,11 +306,15 @@ GenerateAuthorization(unsigned name_length,
void
GenerateRandomData(int len, char *buf)
{
+#ifdef HAVE_ARC4RANDOMBUF
+ arc4random_buf(buf, len);
+#else
int fd;
fd = open("/dev/urandom", O_RDONLY);
read(fd, buf, len);
close(fd);
+#endif
}
#endif /* XCSECURITY */
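Review bot: The guard `#ifdef HAVE_ARC4RANDOMBUF` does not match `HAVE_ARC4RANDOM_BUF`, the macro this commit adds to include/dix-config.h.in, so the `arc4random_buf()` branch is never compiled; it should read `#ifdef HAVE_ARC4RANDOM_BUF`. The fallback that therefore stays in use ignores the results of `open()` and `read()`. If `/dev/urandom` cannot be opened or the read is short, `buf` keeps whatever it held and is still used as authorization data. That path should check both calls, read until `len` bytes have arrived, and fail closed instead of returning silently.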
commit 3f61c7a09b220805ee6778f4bf2f429e3df8e37a
Author: Matthieu Herrb <matthieu at herrb.eu>
Date: Tue Feb 28 19:18:25 2017 +0100
Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES CVE-2017-2624
Provide the function definition for systems that don't have it.
Signed-off-by: Matthieu Herrb <matthieu at herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
(cherry picked from commit d7ac755f0b618eb1259d93c8a16ec6e39a18627c)
diff --git a/configure.ac b/configure.ac
index 770c3e6..62cd547 100644
--- a/configure.ac
+++ b/configure.ac
@@ -221,7 +221,8 @@ AC_CHECK_FUNCS([backtrace ffs geteuid getuid issetugid getresuid \
mmap posix_fallocate seteuid shmctl64 strncasecmp vasprintf vsnprintf \
walkcontext setitimer poll epoll_create1])
AC_CONFIG_LIBOBJ_DIR([os])
-AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup])
+AC_REPLACE_FUNCS([reallocarray strcasecmp strcasestr strlcat strlcpy strndup\
+ timingsafe_memcmp])
AM_CONDITIONAL(POLL, [test "x$ac_cv_func_poll" = "xyes"])
AC_CHECK_DECLS([program_invocation_short_name], [], [], [[#include <errno.h>]])
diff --git a/include/dix-config.h.in b/include/dix-config.h.in
index 4f020e5..4b86c1a 100644
--- a/include/dix-config.h.in
+++ b/include/dix-config.h.in
@@ -238,6 +238,9 @@
/* Define to 1 if you have the <sys/utsname.h> header file. */
#undef HAVE_SYS_UTSNAME_H
+/* Define to 1 if you have the `timingsafe_memcmp' function. */
+#undef HAVE_TIMINGSAFE_MEMCMP
+
/* Define to 1 if you have the <tslib.h> header file. */
#undef HAVE_TSLIB_H
diff --git a/include/os.h b/include/os.h
index d2c41b4..aa231f5 100644
--- a/include/os.h
+++ b/include/os.h
@@ -590,6 +590,11 @@ extern _X_EXPORT char *
strndup(const char *str, size_t n);
#endif
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+extern _X_EXPORT int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
/* Logging. */
typedef enum _LogParameter {
XLOG_FLUSH,
diff --git a/os/mitauth.c b/os/mitauth.c
index 768a52a..efae440 100644
--- a/os/mitauth.c
+++ b/os/mitauth.c
@@ -76,7 +76,7 @@ MitCheckCookie(unsigned short data_length,
for (auth = mit_auth; auth; auth = auth->next) {
if (data_length == auth->len &&
- memcmp(data, auth->data, (int) data_length) == 0)
+ timingsafe_memcmp(data, auth->data, (int) data_length) == 0)
return auth->id;
}
*reason = "Invalid MIT-MAGIC-COOKIE-1 key";
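Review bot: The `(int)` cast on the length is a leftover from the `memcmp()` call; `timingsafe_memcmp()` takes a `size_t`, so `timingsafe_memcmp(data, auth->data, data_length) == 0` does the same without passing through a signed type. A short comment above the comparison, such as `/* constant-time compare: do not reveal how many leading cookie bytes matched */`, would keep a later cleanup from switching back to `memcmp()`. The length test before it still short-circuits, which exposes only whether the lengths agree. MitCheckCookie's body starts and ends outside the hunk.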
diff --git a/os/timingsafe_memcmp.c b/os/timingsafe_memcmp.c
new file mode 100644
index 0000000..36ab362
--- /dev/null
+++ b/os/timingsafe_memcmp.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+
+int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
+{
+ const unsigned char *p1 = b1, *p2 = b2;
+ size_t i;
+ int res = 0, done = 0;
+
+ for (i = 0; i < len; i++) {
+ /* lt is -1 if p1[i] < p2[i]; else 0. */
+ int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+ /* gt is -1 if p1[i] > p2[i]; else 0. */
+ int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+ /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+ int cmp = lt - gt;
+
+ /* set res = cmp if !done. */
+ res |= cmp & ~done;
+
+ /* set done if p1[i] != p2[i]. */
+ done |= lt | gt;
+ }
+
+ return (res);
+}
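Review bot: The new file includes only `<limits.h>` and `<string.h>`, so the definition is compiled without the `extern _X_EXPORT` prototype this commit adds to include/os.h. The compiler cannot check the two against each other, and the export attribute may not be applied to the definition. Including `<dix-config.h>` and `"os.h"` at the top would address both, if that matches how the other replacement functions in os/ are built. The `lt`/`gt` computation relies on `>>` of a negative `int` being an arithmetic shift, which C leaves implementation-defined, so a one-line comment stating that assumption would help porters. A header comment giving the contract (memcmp-style result, running time that depends only on `len`) is also missing.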