xdm: Changes to 'master'

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Sat Apr 16 14:44:59 UTC 2022 

 chooser/chooser.c |   16 ++++++++--------
 xdm/access.c      |    6 +++---
 xdm/auth.c        |    8 ++++----
 xdm/choose.c      |    3 +--
 xdm/krb5auth.c    |    2 +-
 xdm/mitauth.c     |    2 +-
 xdm/policy.c      |    2 +-
 xdm/protodpy.c    |    2 +-
 xdm/rpcauth.c     |    4 ++--
 xdm/server.c      |    2 +-
 xdm/socket.c      |    4 +++-
 xdm/xdmauth.c     |   10 +++++-----
 xdm/xdmcp.c       |   32 ++++++++++++++++++--------------
 13 files changed, 49 insertions(+), 44 deletions(-)

New commits:
commit 3544fa9ec2e17e481785382317ef93ec2ac32ddf
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date:   Sun Apr 10 11:58:38 2022 -0700

    Use memcpy() instead of memmove() when buffers are known not to overlap
    
    Most of these came from a mass bcopy() -> memmove() substitution
    in 1993 with a commit comment of "ANSIfied for R6".
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>

commit f01b28cf76d641881fa1c5bf7f9dd2487b9ced6b
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date:   Sun Apr 10 11:33:38 2022 -0700

    all_query_respond(): handle ConvertAddr failure sooner
    
    Don't try to process returned data values that may not be set
    
    Resolves Oracle Parfait issue:
    
    Error: Uninitialised memory
       Uninitialised memory variable [uninitialised-mem-var] (CWE 457):
          Possible access to uninitialised memory referenced by variable 'length'
            at line 238 of xdm/xdmcp.c in function 'all_query_respond'.
            Path in callee avoiding write at line 237
              length allocated at line 231
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>

commit 00e0b3ae11bb1d4681b0206c341f57fc46ea98b1
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date:   Sun Apr 10 11:14:50 2022 -0700

    GetChooserAddr(): verify socket address fit in provided buffer
    
    Should never happen, but makes Oracle Parfait stop warning:
    
    Error: Buffer overrun
       Read Outside Array Bounds in STD C function [read-outside-array-bounds-call-stdc]:
          Read outside array bounds in call to memmove. Buffer ((int8*)&in_addr) of size 256 is read at an offset of len
          Array size is 256 bytes, index <= 1024
            at line 130 of xdm/socket.c in function 'GetChooserAddr'.
            called at line 197 of xdm/choose.c in function 'FormatChooserArgument' with lenp = &addr_len.
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>

More information about the xorg-commit mailing list