1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
From: "mmcc@openbsd.org" <mmcc@openbsd.org>
Date: Tue, 20 Oct 2015 03:36:35 +0000
Subject: [PATCH] upstream commit
Replace a function-local allocation with stack memory.
ok djm@
Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
Upstream-Status: Backport
CVE: CVE-2016-1907
[YOCTO #8935]
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
clientloop.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/clientloop.c b/clientloop.c
index 87ceb3d..1e05cba 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path,
static char proto[512], data[512];
FILE *f;
int got_data = 0, generated = 0, do_unlink = 0, i;
- char *xauthdir, *xauthfile;
+ char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
struct stat st;
u_int now, x11_timeout_real;
- xauthdir = xauthfile = NULL;
*_proto = proto;
*_data = data;
proto[0] = data[0] = '\0';
@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
display = xdisplay;
}
if (trusted == 0) {
- xauthdir = xmalloc(PATH_MAX);
- xauthfile = xmalloc(PATH_MAX);
mktemp_proto(xauthdir, PATH_MAX);
/*
* The authentication cookie should briefly outlive
@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
unlink(xauthfile);
rmdir(xauthdir);
}
- free(xauthdir);
- free(xauthfile);
/*
* If we didn't get authentication data, just make up some
--
1.9.1
|
