[6544] in bugtraq
Re: xdm problems
daemon@ATHENA.MIT.EDU (Matthieu Herrb)
Mon Apr 20 15:31:32 1998
Date: Mon, 20 Apr 1998 18:12:16 +0200
Reply-To: matthieu@laas.fr
From: Matthieu Herrb <matthieu@LAAS.FR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19980417001420.A8652@sobolev.iam.uni-bonn.de>
Here's a patch at the source of the problem (a double free() while
doing error recorevy in libXdmcp. It will also help if one
finds another way to feed libXdmcp with incorrect data.
Index: xc/lib/Xdmcp/DA16.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/DA16.c,v
retrieving revision 1.1.1.1
retrieving revision 1.3
diff -u -r1.1.1.1 -r1.3
--- DA16.c 1997/09/05 08:59:52 1.1.1.1
+++ DA16.c 1998/04/17 11:30:08 1.3
@@ -37,7 +37,8 @@
XdmcpDisposeARRAY16 (array)
ARRAY16Ptr array;
{
- Xfree (array->data);
+ if (array->data != 0)
+ Xfree (array->data);
array->length = 0;
array->data = 0;
}
Index: xc/lib/Xdmcp/DA32.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/DA32.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- DA32.c 1997/09/05 08:59:52 1.1.1.1
+++ DA32.c 1998/04/17 10:09:49 1.2
@@ -37,7 +37,8 @@
XdmcpDisposeARRAY32 (array)
ARRAY32Ptr array;
{
- Xfree (array->data);
+ if (array->data != 0)
+ Xfree (array->data);
array->length = 0;
array->data = 0;
}
Index: xc/lib/Xdmcp/DA8.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/DA8.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- DA8.c 1997/09/05 08:59:52 1.1.1.1
+++ DA8.c 1998/04/17 10:09:51 1.2
@@ -37,7 +37,8 @@
XdmcpDisposeARRAY8 (array)
ARRAY8Ptr array;
{
- Xfree (array->data);
+ if (array->data != 0)
+ Xfree (array->data);
array->length = 0;
array->data = 0;
}
Index: xc/lib/Xdmcp/DAofA8.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/DAofA8.c,v
retrieving revision 1.1.1.1
retrieving revision 1.3
diff -u -r1.1.1.1 -r1.3
--- DAofA8.c 1997/09/05 08:59:52 1.1.1.1
+++ DAofA8.c 1998/04/17 11:30:09 1.3
@@ -41,7 +41,8 @@
for (i = 0; i < (int)array->length; i++)
XdmcpDisposeARRAY8 (&array->data[i]);
- Xfree (array->data);
+ if (array->data != 0)
+ Xfree (array->data);
array->length = 0;
array->data = 0;
}
Index: xc/lib/Xdmcp/RA16.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/RA16.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- RA16.c 1997/09/05 08:59:53 1.1.1.1
+++ RA16.c 1998/04/17 10:09:53 1.2
@@ -55,6 +55,7 @@
if (!XdmcpReadCARD16 (buffer, &array->data[i]))
{
Xfree (array->data);
+ array->data = 0;
return FALSE;
}
}
Index: xc/lib/Xdmcp/RA32.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/RA32.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- RA32.c 1997/09/05 08:59:53 1.1.1.1
+++ RA32.c 1998/04/17 10:09:54 1.2
@@ -55,6 +55,7 @@
if (!XdmcpReadCARD32 (buffer, &array->data[i]))
{
Xfree (array->data);
+ array->data = 0;
return FALSE;
}
}
Index: xc/lib/Xdmcp/RA8.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/RA8.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- RA8.c 1997/09/05 08:59:53 1.1.1.1
+++ RA8.c 1998/04/17 10:09:55 1.2
@@ -55,6 +55,7 @@
if (!XdmcpReadCARD8 (buffer, &array->data[i]))
{
Xfree (array->data);
+ array->data = 0;
return FALSE;
}
}
Index: xc/lib/Xdmcp/RAofA8.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/RAofA8.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- RAofA8.c 1997/09/05 08:59:53 1.1.1.1
+++ RAofA8.c 1998/04/17 10:09:57 1.2
@@ -55,6 +55,7 @@
if (!XdmcpReadARRAY8 (buffer, &array->data[i]))
{
Xfree (array->data);
+ array->data = 0;
return FALSE;
}
}
Matthieu
