[PATCH] Xext: "xauth generate" with large timeout crashes Xorg #27134 .

Arvind Umrao Arvind.Umrao at Sun.COM
Mon Apr 26 04:42:21 PDT 2010


Keith,

Any more suggestion on this bug?  It seems we cannot give perfect 
solution without making substantial amount of code changes.

Could we accept imperfect solution, for time time?   At least we should 
remove assert statement.  I won't mind if you want to submit your code 
fixes. If you are busy I can do that for you.

-Arvind

On 04/16/10 16:37, Arvind Umrao wrote:
>
> On 04/15/10 23:18, Keith Packard wrote:
>> On Thu, 15 Apr 2010 12:13:19 +0530, Arvind 
>> Umrao<Arvind.Umrao at Sun.COM>  wrote:
>>> Second thought, after some more testing.  It seems your fixes are not
>>> better than mine. When epoch time is GetTimeInMillis() -
>>> (CARD32)(MAXINT),  ie  Sun Jan 10 2038 11:09:28 GMT+0530 (IST), 
>>> security
>>> authorization will expire with timeout reset to Zero.
>> Good testing. I'd suggest just reducing the timeout by a second to 
>> make the
>> initial timeout be greater than zero which should make the recomputed
>> timeout mechanism work.
>
> I tired but it does not work.
> Only way we can fix this problem is to limit the timeout.  If can not 
> limit upper bound of timeout then my proposed fixes were better.  We 
> have have to use GetTimeInMillis() to  make the recomputed timeout 
> mechanism work.
>
>>> I thing we should start using CARD64 for storing millisecs.  What you
>>> suggest?
>> I don't think this is really necessary.
>>
>



More information about the xorg-devel mailing list