CVS commit: [netbsd-6] xsrc

Martin Husemann Wed, 08 Mar 2017 06:47:51 -0800

Module Name:    xsrc
Committed By:   martin
Date:           Wed Mar  8 14:47:24 UTC 2017


Modified Files:
        xsrc/external/mit/xorg-server/dist [netbsd-6]: configure.ac
        xsrc/external/mit/xorg-server/dist/include [netbsd-6]: dix-config.h.in
            os.h
        xsrc/external/mit/xorg-server/dist/os [netbsd-6]: auth.c mitauth.c
            osdep.h rpcauth.c xdmauth.c
        xsrc/external/mit/xorg-server/include [netbsd-6]: dix-config.h
        xsrc/xfree/xc/programs/Xserver/include [netbsd-6]: os.h
        xsrc/xfree/xc/programs/Xserver/os [netbsd-6]: auth.c mitauth.c osdep.h
            rpcauth.c xdmauth.c
Added Files:
        xsrc/external/mit/xorg-server/dist/os [netbsd-6]: timingsafe_memcmp.c
        xsrc/xfree/xc/programs/Xserver/os [netbsd-6]: timingsafe_memcmp.c

Log Message:
xsrc/external/mit/xorg-server.old/dist/configure.ac     1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in 1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in 1.3 (patch)
xsrc/external/mit/xorg-server.old/dist/include/os.h     1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/auth.c        1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/auth.c        1.3 (patch)
xsrc/external/mit/xorg-server.old/dist/os/mitauth.c     1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/mitauth.c     1.3 (patch)
xsrc/external/mit/xorg-server.old/dist/os/osdep.h       1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/rpcauth.c     1.2 (patch)
xsrc/external/mit/xorg-server.old/dist/os/timingsafe_memcmp.c 1.1 (patch)
xsrc/external/mit/xorg-server.old/dist/os/xdmauth.c     1.2 (patch)
xsrc/external/mit/xorg-server.old/include/dix-config.h 1.3 (patch)
xsrc/external/mit/xorg-server.old/include/dix-config.h 1.4 (patch)
xsrc/external/mit/xorg-server/dist/configure.ac 1.4 (patch)
xsrc/external/mit/xorg-server/dist/configure.ac 1.5 (patch)
xsrc/external/mit/xorg-server/dist/include/dix-config.h.in 1.2 (patch)
xsrc/external/mit/xorg-server/dist/include/dix-config.h.in 1.3 (patch)
xsrc/external/mit/xorg-server/dist/include/os.h 1.8 (patch)
xsrc/external/mit/xorg-server/dist/os/auth.c            1.2 (patch)
xsrc/external/mit/xorg-server/dist/os/auth.c            1.3 (patch)
xsrc/external/mit/xorg-server/dist/os/mitauth.c 1.2 (patch)
xsrc/external/mit/xorg-server/dist/os/mitauth.c 1.3 (patch)
xsrc/external/mit/xorg-server/dist/os/osdep.h   1.2 (patch)
xsrc/external/mit/xorg-server/dist/os/rpcauth.c 1.4 (patch)
xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c 1.1 (patch)
xsrc/external/mit/xorg-server/dist/os/xdmauth.c 1.2 (patch)
xsrc/external/mit/xorg-server/include/dix-config.h      1.26 (patch)
xsrc/external/mit/xorg-server/include/dix-config.h      1.27 (patch)

        Apply upstream fixes for generation and comparision of
        MIT-MAGIC-COOKIES, fixing CVE-2017-2624
        [mrg, ticket #1381]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.8.2.1 -r1.1.1.8.2.2 \
    xsrc/external/mit/xorg-server/dist/configure.ac
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
    xsrc/external/mit/xorg-server/dist/include/dix-config.h.in
cvs rdiff -u -r1.6 -r1.6.2.1 xsrc/external/mit/xorg-server/dist/include/os.h
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \
    xsrc/external/mit/xorg-server/dist/os/auth.c \
    xsrc/external/mit/xorg-server/dist/os/xdmauth.c
cvs rdiff -u -r1.1.1.2 -r1.1.1.2.2.1 \
    xsrc/external/mit/xorg-server/dist/os/mitauth.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
    xsrc/external/mit/xorg-server/dist/os/osdep.h
cvs rdiff -u -r1.1.1.3.2.1 -r1.1.1.3.2.2 \
    xsrc/external/mit/xorg-server/dist/os/rpcauth.c
cvs rdiff -u -r0 -r1.1.6.2 \
    xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c
cvs rdiff -u -r1.19 -r1.19.2.1 \
    xsrc/external/mit/xorg-server/include/dix-config.h
cvs rdiff -u -r1.5 -r1.5.14.1 xsrc/xfree/xc/programs/Xserver/include/os.h
cvs rdiff -u -r1.4 -r1.4.26.1 xsrc/xfree/xc/programs/Xserver/os/auth.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.28.1 \
    xsrc/xfree/xc/programs/Xserver/os/mitauth.c
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.14.1 \
    xsrc/xfree/xc/programs/Xserver/os/osdep.h
cvs rdiff -u -r1.1.1.5.26.1 -r1.1.1.5.26.2 \
    xsrc/xfree/xc/programs/Xserver/os/rpcauth.c
cvs rdiff -u -r0 -r1.1.6.2 \
    xsrc/xfree/xc/programs/Xserver/os/timingsafe_memcmp.c
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.14.1 \
    xsrc/xfree/xc/programs/Xserver/os/xdmauth.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server/dist/configure.ac
diff -u xsrc/external/mit/xorg-server/dist/configure.ac:1.1.1.8.2.1 xsrc/external/mit/xorg-server/dist/configure.ac:1.1.1.8.2.2
--- xsrc/external/mit/xorg-server/dist/configure.ac:1.1.1.8.2.1	Tue Dec  9 19:43:12 2014
+++ xsrc/external/mit/xorg-server/dist/configure.ac	Wed Mar  8 14:47:24 2017
@@ -220,6 +220,8 @@ AC_CHECK_FUNC([strlcpy], AC_DEFINE(HAS_S
 
 AM_CONDITIONAL(NEED_VSNPRINTF, [test x$HAVE_VSNPRINTF = xno])
 
+AC_CHECK_LIB([bsd], [arc4random_buf])
+
 dnl Check for mmap support for Xvfb
 AC_CHECK_FUNC([mmap], AC_DEFINE(HAS_MMAP, 1, [Have the 'mmap' function.]))
 

Index: xsrc/external/mit/xorg-server/dist/include/dix-config.h.in
diff -u xsrc/external/mit/xorg-server/dist/include/dix-config.h.in:1.1.1.4 xsrc/external/mit/xorg-server/dist/include/dix-config.h.in:1.1.1.4.2.1
--- xsrc/external/mit/xorg-server/dist/include/dix-config.h.in:1.1.1.4	Tue Aug  2 06:57:02 2011
+++ xsrc/external/mit/xorg-server/dist/include/dix-config.h.in	Wed Mar  8 14:47:24 2017
@@ -133,6 +133,9 @@
 /* Build a standalone xpbproxy */
 #undef STANDALONE_XPBPROXY
 
+/* Define to 1 if you have the `bsd' library (-lbsd). */
+#undef HAVE_LIBBSD
+
 /* Define to 1 if you have the `m' library (-lm). */
 #undef HAVE_LIBM
 
@@ -160,6 +163,9 @@
 /* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
 #undef HAVE_RPCSVC_DBM_H
 
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
 /* Define to use libc SHA1 functions */
 #undef HAVE_SHA1_IN_LIBC
 
@@ -228,6 +234,9 @@
 /* Define to 1 if you have the <sys/vm86.h> header file. */
 #undef HAVE_SYS_VM86_H
 
+/* Define to 1 if you have the `timingsafe_memcmp' function. */
+#undef HAVE_TIMINGSAFE_MEMCMP
+
 /* Define to 1 if you have the <tslib.h> header file. */
 #undef HAVE_TSLIB_H
 

Index: xsrc/external/mit/xorg-server/dist/include/os.h
diff -u xsrc/external/mit/xorg-server/dist/include/os.h:1.6 xsrc/external/mit/xorg-server/dist/include/os.h:1.6.2.1
--- xsrc/external/mit/xorg-server/dist/include/os.h:1.6	Tue Aug  2 07:15:06 2011
+++ xsrc/external/mit/xorg-server/dist/include/os.h	Wed Mar  8 14:47:24 2017
@@ -495,6 +495,11 @@ extern _X_EXPORT size_t strlcpy(char *ds
 extern _X_EXPORT size_t strlcat(char *dst, const char *src, size_t siz);
 #endif
 
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+extern _X_EXPORT int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
 /* Logging. */
 typedef enum _LogParameter {
     XLOG_FLUSH,

Index: xsrc/external/mit/xorg-server/dist/os/auth.c
diff -u xsrc/external/mit/xorg-server/dist/os/auth.c:1.1.1.3 xsrc/external/mit/xorg-server/dist/os/auth.c:1.1.1.3.2.1
--- xsrc/external/mit/xorg-server/dist/os/auth.c:1.1.1.3	Tue Nov 23 05:22:09 2010
+++ xsrc/external/mit/xorg-server/dist/os/auth.c	Wed Mar  8 14:47:24 2017
@@ -45,6 +45,9 @@ from The Open Group.
 #ifdef WIN32
 #include    <X11/Xw32defs.h>
 #endif
+#ifdef HAVE_LIBBSD
+#include   <bsd/stdlib.h>       /* for arc4random_buf() */
+#endif
 
 struct protocol {
     unsigned short   name_length;
@@ -52,7 +55,6 @@ struct protocol {
     AuthAddCFunc	Add;	/* new authorization data */
     AuthCheckFunc	Check;	/* verify client authorization data */
     AuthRstCFunc	Reset;	/* delete all authorization data entries */
-    AuthToIDFunc	ToID;	/* convert cookie to ID */
     AuthFromIDFunc	FromID;	/* convert ID to cookie */
     AuthRemCFunc	Remove;	/* remove a specific cookie */
 #ifdef XCSECURITY
@@ -63,7 +65,7 @@ struct protocol {
 static struct protocol   protocols[] = {
 {   (unsigned short) 18,    "MIT-MAGIC-COOKIE-1",
 		MitAddCookie,	MitCheckCookie,	MitResetCookie,
-		MitToID,	MitFromID,	MitRemoveCookie,
+		MitFromID,	MitRemoveCookie,
 #ifdef XCSECURITY
 		MitGenerateCookie
 #endif
@@ -71,7 +73,7 @@ static struct protocol   protocols[] = {
 #ifdef HASXDMAUTH
 {   (unsigned short) 19,    "XDM-AUTHORIZATION-1",
 		XdmAddCookie,	XdmCheckCookie,	XdmResetCookie,
-		XdmToID,	XdmFromID,	XdmRemoveCookie,
+		XdmFromID,	XdmRemoveCookie,
 #ifdef XCSECURITY
 		NULL
 #endif
@@ -80,7 +82,7 @@ static struct protocol   protocols[] = {
 #ifdef SECURE_RPC
 {   (unsigned short) 9,    "SUN-DES-1",
 		SecureRPCAdd,	SecureRPCCheck,	SecureRPCReset,
-		SecureRPCToID,	SecureRPCFromID,SecureRPCRemove,
+		SecureRPCFromID,SecureRPCRemove,
 #ifdef XCSECURITY
 		NULL
 #endif
@@ -318,11 +320,15 @@ GenerateAuthorization(
 void
 GenerateRandomData (int len, char *buf)
 {
+#ifdef HAVE_ARC4RANDOMBUF
+    arc4random_buf(buf, len);
+#else
     int fd;
 
     fd = open("/dev/urandom", O_RDONLY);
     read(fd, buf, len);
     close(fd);
+#endif
 }
 
 #endif /* XCSECURITY */
Index: xsrc/external/mit/xorg-server/dist/os/xdmauth.c
diff -u xsrc/external/mit/xorg-server/dist/os/xdmauth.c:1.1.1.3 xsrc/external/mit/xorg-server/dist/os/xdmauth.c:1.1.1.3.2.1
--- xsrc/external/mit/xorg-server/dist/os/xdmauth.c:1.1.1.3	Tue Nov 23 05:22:10 2010
+++ xsrc/external/mit/xorg-server/dist/os/xdmauth.c	Wed Mar  8 14:47:24 2017
@@ -423,31 +423,6 @@ XdmResetCookie (void)
     return 1;
 }
 
-XID
-XdmToID (unsigned short cookie_length, char *cookie)
-{
-    XdmAuthorizationPtr	auth;
-    XdmClientAuthPtr	client;
-    unsigned char	*plain;
-
-    plain = malloc(cookie_length);
-    if (!plain)
-	return (XID) -1;
-    for (auth = xdmAuth; auth; auth=auth->next) {
-	XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key, plain, cookie_length);
-	if ((client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho, NULL, NULL)) != NULL)
-	{
-	    free(client);
-	    free(cookie);
-	    free(plain);
-	    return auth->id;
-	}
-    }
-    free(cookie);
-    free(plain);
-    return (XID) -1;
-}
-
 int
 XdmFromID (XID id, unsigned short *data_lenp, char **datap)
 {

Index: xsrc/external/mit/xorg-server/dist/os/mitauth.c
diff -u xsrc/external/mit/xorg-server/dist/os/mitauth.c:1.1.1.2 xsrc/external/mit/xorg-server/dist/os/mitauth.c:1.1.1.2.2.1
--- xsrc/external/mit/xorg-server/dist/os/mitauth.c:1.1.1.2	Tue Nov 23 05:22:09 2010
+++ xsrc/external/mit/xorg-server/dist/os/mitauth.c	Wed Mar  8 14:47:24 2017
@@ -82,7 +82,7 @@ MitCheckCookie (
 
     for (auth = mit_auth; auth; auth=auth->next) {
         if (data_length == auth->len &&
-	   memcmp (data, auth->data, (int) data_length) == 0)
+	   timingsafe_memcmp(data, auth->data, (int) data_length) == 0)
 	    return auth->id;
     }
     *reason = "Invalid MIT-MAGIC-COOKIE-1 key";
@@ -103,21 +103,6 @@ MitResetCookie (void)
     return 0;
 }
 
-XID
-MitToID (
-	unsigned short	data_length,
-	char		*data)
-{
-    struct auth	*auth;
-
-    for (auth = mit_auth; auth; auth=auth->next) {
-	if (data_length == auth->len &&
-	    memcmp (data, auth->data, data_length) == 0)
-	    return auth->id;
-    }
-    return (XID) -1;
-}
-
 int
 MitFromID (
 	XID		id,

Index: xsrc/external/mit/xorg-server/dist/os/osdep.h
diff -u xsrc/external/mit/xorg-server/dist/os/osdep.h:1.1.1.4 xsrc/external/mit/xorg-server/dist/os/osdep.h:1.1.1.4.2.1
--- xsrc/external/mit/xorg-server/dist/os/osdep.h:1.1.1.4	Tue Aug  2 06:57:04 2011
+++ xsrc/external/mit/xorg-server/dist/os/osdep.h	Wed Mar  8 14:47:24 2017
@@ -158,9 +158,6 @@ typedef int (*AuthRemCFunc) (AuthRemCArg
 #define AuthRstCArgs void
 typedef int (*AuthRstCFunc) (AuthRstCArgs);
 
-#define AuthToIDArgs unsigned short data_length, char *data
-typedef XID (*AuthToIDFunc) (AuthToIDArgs);
-
 typedef void (*OsCloseFunc)(ClientPtr);
 
 typedef int (*OsFlushFunc)(ClientPtr who, struct _osComm * oc, char* extraBuf, int extraCount);
@@ -227,7 +224,6 @@ extern void GenerateRandomData (int len,
 /* in mitauth.c */
 extern XID  MitCheckCookie    (AuthCheckArgs);
 extern XID  MitGenerateCookie (AuthGenCArgs);
-extern XID  MitToID           (AuthToIDArgs);
 extern int  MitAddCookie      (AuthAddCArgs);
 extern int  MitFromID         (AuthFromIDArgs);
 extern int  MitRemoveCookie   (AuthRemCArgs);
@@ -236,7 +232,6 @@ extern int  MitResetCookie    (AuthRstCA
 /* in xdmauth.c */
 #ifdef HASXDMAUTH
 extern XID  XdmCheckCookie    (AuthCheckArgs);
-extern XID  XdmToID           (AuthToIDArgs);
 extern int  XdmAddCookie      (AuthAddCArgs);
 extern int  XdmFromID         (AuthFromIDArgs);
 extern int  XdmRemoveCookie   (AuthRemCArgs);
@@ -247,7 +242,6 @@ extern int  XdmResetCookie    (AuthRstCA
 #ifdef SECURE_RPC
 extern void SecureRPCInit     (AuthInitArgs);
 extern XID  SecureRPCCheck    (AuthCheckArgs);
-extern XID  SecureRPCToID     (AuthToIDArgs);
 extern int  SecureRPCAdd      (AuthAddCArgs);
 extern int  SecureRPCFromID   (AuthFromIDArgs);
 extern int  SecureRPCRemove   (AuthRemCArgs);

Index: xsrc/external/mit/xorg-server/dist/os/rpcauth.c
diff -u xsrc/external/mit/xorg-server/dist/os/rpcauth.c:1.1.1.3.2.1 xsrc/external/mit/xorg-server/dist/os/rpcauth.c:1.1.1.3.2.2
--- xsrc/external/mit/xorg-server/dist/os/rpcauth.c:1.1.1.3.2.1	Tue Dec  9 19:43:13 2014
+++ xsrc/external/mit/xorg-server/dist/os/rpcauth.c	Wed Mar  8 14:47:24 2017
@@ -177,12 +177,6 @@ SecureRPCReset (void)
     return 1;
 }
 
-_X_HIDDEN XID
-SecureRPCToID (unsigned short data_length, char *data)
-{
-    return rpc_id;
-}
-
 _X_HIDDEN int
 SecureRPCFromID (XID id, unsigned short *data_lenp, char **datap)
 {

Index: xsrc/external/mit/xorg-server/include/dix-config.h
diff -u xsrc/external/mit/xorg-server/include/dix-config.h:1.19 xsrc/external/mit/xorg-server/include/dix-config.h:1.19.2.1
--- xsrc/external/mit/xorg-server/include/dix-config.h:1.19	Tue Aug  2 22:45:52 2011
+++ xsrc/external/mit/xorg-server/include/dix-config.h	Wed Mar  8 14:47:24 2017
@@ -134,6 +134,9 @@
 /* Build a standalone xpbproxy */
 /* #undef STANDALONE_XPBPROXY */
 
+/* Define to 1 if you have the `bsd' library (-lbsd). */
+/* #undef HAVE_LIBBSD */
+
 /* Define to 1 if you have the `m' library (-lm). */
 #define HAVE_LIBM 1
 
@@ -161,6 +164,9 @@
 /* Define to 1 if you have the <rpcsvc/dbm.h> header file. */
 /* #undef HAVE_RPCSVC_DBM_H */
 
+/* Define to 1 if you have the `arc4random_buf' function. */
+#define HAVE_ARC4RANDOM_BUF 1
+
 /* Define to use libc SHA1 functions */
 #define HAVE_SHA1_IN_LIBC 1
 
@@ -229,6 +235,9 @@
 /* Define to 1 if you have the <sys/vm86.h> header file. */
 /* #undef HAVE_SYS_VM86_H */
 
+/* Define to 1 if you have the `timingsafe_memcmp' function. */
+/* #undef HAVE_TIMINGSAFE_MEMCMP */
+
 /* Define to 1 if you have the <tslib.h> header file. */
 /* #undef HAVE_TSLIB_H */
 

Index: xsrc/xfree/xc/programs/Xserver/include/os.h
diff -u xsrc/xfree/xc/programs/Xserver/include/os.h:1.5 xsrc/xfree/xc/programs/Xserver/include/os.h:1.5.14.1
--- xsrc/xfree/xc/programs/Xserver/include/os.h:1.5	Fri Mar 18 14:55:16 2005
+++ xsrc/xfree/xc/programs/Xserver/include/os.h	Wed Mar  8 14:47:24 2017
@@ -532,6 +532,11 @@ extern void AbortDDX(void);
 extern void ddxGiveUp(void);
 extern int TimeSinceLastInputEvent(void);
 
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+extern int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
 /* Logging. */
 typedef enum _LogParameter {
     XLOG_FLUSH,

Index: xsrc/xfree/xc/programs/Xserver/os/auth.c
diff -u xsrc/xfree/xc/programs/Xserver/os/auth.c:1.4 xsrc/xfree/xc/programs/Xserver/os/auth.c:1.4.26.1
--- xsrc/xfree/xc/programs/Xserver/os/auth.c:1.4	Fri Mar  5 16:33:09 2004
+++ xsrc/xfree/xc/programs/Xserver/os/auth.c	Wed Mar  8 14:47:24 2017
@@ -50,6 +50,9 @@ from The Open Group.
 #ifdef WIN32
 #include "Xw32defs.h"
 #endif
+#ifdef HAVE_LIBBSD
+#include   <bsd/stdlib.h>       /* for arc4random_buf() */
+#endif
 
 struct protocol {
     unsigned short   name_length;
@@ -57,7 +60,6 @@ struct protocol {
     AuthAddCFunc	Add;	/* new authorization data */
     AuthCheckFunc	Check;	/* verify client authorization data */
     AuthRstCFunc	Reset;	/* delete all authorization data entries */
-    AuthToIDFunc	ToID;	/* convert cookie to ID */
     AuthFromIDFunc	FromID;	/* convert ID to cookie */
     AuthRemCFunc	Remove;	/* remove a specific cookie */
 #ifdef XCSECURITY
@@ -68,7 +70,7 @@ struct protocol {
 static struct protocol   protocols[] = {
 {   (unsigned short) 18,    "MIT-MAGIC-COOKIE-1",
 		MitAddCookie,	MitCheckCookie,	MitResetCookie,
-		MitToID,	MitFromID,	MitRemoveCookie,
+		MitFromID,	MitRemoveCookie,
 #ifdef XCSECURITY
 		MitGenerateCookie
 #endif
@@ -76,7 +78,7 @@ static struct protocol   protocols[] = {
 #ifdef HASXDMAUTH
 {   (unsigned short) 19,    "XDM-AUTHORIZATION-1",
 		XdmAddCookie,	XdmCheckCookie,	XdmResetCookie,
-		XdmToID,	XdmFromID,	XdmRemoveCookie,
+		XdmFromID,	XdmRemoveCookie,
 #ifdef XCSECURITY
 		NULL
 #endif
@@ -85,7 +87,7 @@ static struct protocol   protocols[] = {
 #ifdef SECURE_RPC
 {   (unsigned short) 9,    "SUN-DES-1",
 		SecureRPCAdd,	SecureRPCCheck,	SecureRPCReset,
-		SecureRPCToID,	SecureRPCFromID,SecureRPCRemove,
+		SecureRPCFromID,SecureRPCRemove,
 #ifdef XCSECURITY
 		NULL
 #endif
@@ -94,7 +96,7 @@ static struct protocol   protocols[] = {
 #ifdef K5AUTH
 {   (unsigned short) 14, "MIT-KERBEROS-5",
 		K5Add, K5Check, K5Reset,
-		K5ToID, K5FromID, K5Remove,
+		K5FromID, K5Remove,
 #ifdef XCSECURITY
 		NULL
 #endif
@@ -104,7 +106,7 @@ static struct protocol   protocols[] = {
 {   (unsigned short) XSecurityAuthorizationNameLen,
 	XSecurityAuthorizationName,
 		NULL, AuthSecurityCheck, NULL,
-		NULL, NULL, NULL,
+		NULL, NULL,
 		NULL
 },
 #endif
@@ -254,26 +256,6 @@ ResetAuthorization (void)
     ShouldLoadAuth = TRUE;
 }
 
-XID
-AuthorizationToID (
-	unsigned short	name_length,
-	char		*name,
-	unsigned short	data_length,
-	char		*data)
-{
-    int	i;
-
-    for (i = 0; i < NUM_AUTHORIZATION; i++) {
-    	if (protocols[i].name_length == name_length &&
-	    memcmp (protocols[i].name, name, (int) name_length) == 0 &&
-	    protocols[i].ToID)
-    	{
-	    return (*protocols[i].ToID) (data_length, data);
-    	}
-    }
-    return (XID) ~0L;
-}
-
 int
 AuthorizationFromID (
 	XID 		id,

Index: xsrc/xfree/xc/programs/Xserver/os/mitauth.c
diff -u xsrc/xfree/xc/programs/Xserver/os/mitauth.c:1.1.1.4 xsrc/xfree/xc/programs/Xserver/os/mitauth.c:1.1.1.4.28.1
--- xsrc/xfree/xc/programs/Xserver/os/mitauth.c:1.1.1.4	Sat Jan 19 15:14:27 2002
+++ xsrc/xfree/xc/programs/Xserver/os/mitauth.c	Wed Mar  8 14:47:24 2017
@@ -80,7 +80,7 @@ MitCheckCookie (
 
     for (auth = mit_auth; auth; auth=auth->next) {
         if (data_length == auth->len &&
-	   memcmp (data, auth->data, (int) data_length) == 0)
+	   timingsafe_memcmp(data, auth->data, (int) data_length) == 0)
 	    return auth->id;
     }
     *reason = "Invalid MIT-MAGIC-COOKIE-1 key";
@@ -101,21 +101,6 @@ MitResetCookie (void)
     return 0;
 }
 
-XID
-MitToID (
-	unsigned short	data_length,
-	char		*data)
-{
-    struct auth	*auth;
-
-    for (auth = mit_auth; auth; auth=auth->next) {
-	if (data_length == auth->len &&
-	    memcmp (data, auth->data, data_length) == 0)
-	    return auth->id;
-    }
-    return (XID) -1;
-}
-
 int
 MitFromID (
 	XID		id,

Index: xsrc/xfree/xc/programs/Xserver/os/osdep.h
diff -u xsrc/xfree/xc/programs/Xserver/os/osdep.h:1.1.1.7 xsrc/xfree/xc/programs/Xserver/os/osdep.h:1.1.1.7.14.1
--- xsrc/xfree/xc/programs/Xserver/os/osdep.h:1.1.1.7	Fri Mar 18 13:13:14 2005
+++ xsrc/xfree/xc/programs/Xserver/os/osdep.h	Wed Mar  8 14:47:24 2017
@@ -181,9 +181,6 @@ typedef int (*AuthRemCFunc) (AuthRemCArg
 #define AuthRstCArgs void
 typedef int (*AuthRstCFunc) (AuthRstCArgs);
 
-#define AuthToIDArgs unsigned short data_length, char *data
-typedef XID (*AuthToIDFunc) (AuthToIDArgs);
-
 typedef void (*OsCloseFunc)(ClientPtr);
 
 typedef int (*OsFlushFunc)(ClientPtr who, struct _osComm * oc, char* extraBuf, int extraCount);
@@ -269,7 +266,6 @@ extern void GenerateRandomData (int len,
 /* in mitauth.c */
 extern XID  MitCheckCookie    (AuthCheckArgs);
 extern XID  MitGenerateCookie (AuthGenCArgs);
-extern XID  MitToID           (AuthToIDArgs);
 extern int  MitAddCookie      (AuthAddCArgs);
 extern int  MitFromID         (AuthFromIDArgs);
 extern int  MitRemoveCookie   (AuthRemCArgs);
@@ -278,7 +274,6 @@ extern int  MitResetCookie    (AuthRstCA
 /* in xdmauth.c */
 #ifdef HASXDMAUTH
 extern XID  XdmCheckCookie    (AuthCheckArgs);
-extern XID  XdmToID           (AuthToIDArgs);
 extern int  XdmAddCookie      (AuthAddCArgs);
 extern int  XdmFromID         (AuthFromIDArgs);
 extern int  XdmRemoveCookie   (AuthRemCArgs);
@@ -289,7 +284,6 @@ extern int  XdmResetCookie    (AuthRstCA
 #ifdef SECURE_RPC
 extern void SecureRPCInit     (AuthInitArgs);
 extern XID  SecureRPCCheck    (AuthCheckArgs);
-extern XID  SecureRPCToID     (AuthToIDArgs);
 extern int  SecureRPCAdd      (AuthAddCArgs);
 extern int  SecureRPCFromID   (AuthFromIDArgs);
 extern int  SecureRPCRemove   (AuthRemCArgs);

Index: xsrc/xfree/xc/programs/Xserver/os/rpcauth.c
diff -u xsrc/xfree/xc/programs/Xserver/os/rpcauth.c:1.1.1.5.26.1 xsrc/xfree/xc/programs/Xserver/os/rpcauth.c:1.1.1.5.26.2
--- xsrc/xfree/xc/programs/Xserver/os/rpcauth.c:1.1.1.5.26.1	Fri Dec 12 07:15:06 2014
+++ xsrc/xfree/xc/programs/Xserver/os/rpcauth.c	Wed Mar  8 14:47:24 2017
@@ -184,12 +184,6 @@ SecureRPCReset (void)
     return 1;
 }
 
-XID
-SecureRPCToID (unsigned short data_length, char *data)
-{
-    return rpc_id;
-}
-
 int
 SecureRPCFromID (XID id, unsigned short *data_lenp, char **datap)
 {

Index: xsrc/xfree/xc/programs/Xserver/os/xdmauth.c
diff -u xsrc/xfree/xc/programs/Xserver/os/xdmauth.c:1.1.1.6 xsrc/xfree/xc/programs/Xserver/os/xdmauth.c:1.1.1.6.14.1
--- xsrc/xfree/xc/programs/Xserver/os/xdmauth.c:1.1.1.6	Fri Mar 18 13:13:14 2005
+++ xsrc/xfree/xc/programs/Xserver/os/xdmauth.c	Wed Mar  8 14:47:24 2017
@@ -422,32 +422,6 @@ XdmResetCookie (void)
     return 1;
 }
 
-XID
-XdmToID (unsigned short cookie_length, char *cookie)
-{
-    XdmAuthorizationPtr	auth;
-    XdmClientAuthPtr	client;
-    unsigned char	*plain;
-
-    plain = (unsigned char *) xalloc (cookie_length);
-    if (!plain)
-	return (XID) -1;
-    for (auth = xdmAuth; auth; auth=auth->next) {
-	XdmcpUnwrap ((unsigned char *)cookie, (unsigned char *)&auth->key,
-		     plain, cookie_length);
-	client = XdmAuthorizationValidate (plain, cookie_length, &auth->rho,
-					   NULL, NULL);
-	if (client != NULL)
-	{
-	    xfree (client);
-	    xfree (cookie);
-	    return auth->id;
-	}
-    }
-    xfree (cookie);
-    return (XID) -1;
-}
-
 int
 XdmFromID (XID id, unsigned short *data_lenp, char **datap)
 {

Added files:

Index: xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c
diff -u /dev/null xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c:1.1.6.2
--- /dev/null	Wed Mar  8 14:47:24 2017
+++ xsrc/external/mit/xorg-server/dist/os/timingsafe_memcmp.c	Wed Mar  8 14:47:24 2017
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <X11/Xfuncproto.h>
+#include <dix-config.h>
+#include "os.h"
+
+int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
+{
+        const unsigned char *p1 = b1, *p2 = b2;
+        size_t i;
+        int res = 0, done = 0;
+
+        for (i = 0; i < len; i++) {
+                /* lt is -1 if p1[i] < p2[i]; else 0. */
+                int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+                /* gt is -1 if p1[i] > p2[i]; else 0. */
+                int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+                /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+                int cmp = lt - gt;
+
+                /* set res = cmp if !done. */
+                res |= cmp & ~done;
+
+                /* set done if p1[i] != p2[i]. */
+                done |= lt | gt;
+        }
+
+        return (res);
+}

Index: xsrc/xfree/xc/programs/Xserver/os/timingsafe_memcmp.c
diff -u /dev/null xsrc/xfree/xc/programs/Xserver/os/timingsafe_memcmp.c:1.1.6.2
--- /dev/null	Wed Mar  8 14:47:24 2017
+++ xsrc/xfree/xc/programs/Xserver/os/timingsafe_memcmp.c	Wed Mar  8 14:47:24 2017
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <X11/Xfuncproto.h>
+#include "os.h"
+
+int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
+{
+        const unsigned char *p1 = b1, *p2 = b2;
+        size_t i;
+        int res = 0, done = 0;
+
+        for (i = 0; i < len; i++) {
+                /* lt is -1 if p1[i] < p2[i]; else 0. */
+                int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+                /* gt is -1 if p1[i] > p2[i]; else 0. */
+                int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+                /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+                int cmp = lt - gt;
+
+                /* set res = cmp if !done. */
+                res |= cmp & ~done;
+
+                /* set done if p1[i] != p2[i]. */
+                done |= lt | gt;
+        }
+
+        return (res);
+}

CVS commit: [netbsd-6] xsrc

Reply via email to