From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001 From: "mmcc@openbsd.org" Date: Tue, 20 Oct 2015 03:36:35 +0000 Subject: [PATCH] upstream commit Replace a function-local allocation with stack memory. ok djm@ Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e Upstream-Status: Backport CVE: CVE-2016-1907 [YOCTO #8935] Signed-off-by: Armin Kuster --- clientloop.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/clientloop.c b/clientloop.c index 87ceb3d..1e05cba 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */ +/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path, static char proto[512], data[512]; FILE *f; int got_data = 0, generated = 0, do_unlink = 0, i; - char *xauthdir, *xauthfile; + char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = ""; struct stat st; u_int now, x11_timeout_real; - xauthdir = xauthfile = NULL; *_proto = proto; *_data = data; proto[0] = data[0] = '\0'; @@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path, display = xdisplay; } if (trusted == 0) { - xauthdir = xmalloc(PATH_MAX); - xauthfile = xmalloc(PATH_MAX); mktemp_proto(xauthdir, PATH_MAX); /* * The authentication cookie should briefly outlive @@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path, unlink(xauthfile); rmdir(xauthdir); } - free(xauthdir); - free(xauthfile); /* * If we didn't get authentication data, just make up some -- 1.9.1