
Re: xdm problems


From: matthieu () LAAS FR (Matthieu Herrb)
Date: Mon, 20 Apr 1998 18:12:16 +0200


Here's a patch at the source of the problem (a double free() while
doing error recovery in libXdmcp). It will also help if one
finds another way to feed libXdmcp with incorrect data.

Index: xc/lib/Xdmcp/DA16.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/DA16.c,v
retrieving revision 1.1.1.1
retrieving revision 1.3
diff -u -r1.1.1.1 -r1.3
--- DA16.c      1997/09/05 08:59:52     1.1.1.1
+++ DA16.c      1998/04/17 11:30:08     1.3
@@ -37,7 +37,8 @@
 XdmcpDisposeARRAY16 (array)
     ARRAY16Ptr array;
 {
-    Xfree (array->data);
+    if (array->data != 0)
+       Xfree (array->data);
     array->length = 0;
     array->data = 0;
 }
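Review bot: The new `if (array->data != 0)` test carries no comment saying why a null pointer can reach XdmcpDisposeARRAY16, and that reason is the whole point of the patch. A one-line comment above the test, such as `/* data is 0 after a failed read or an earlier dispose; do not free it again */`, would stop a later cleanup from removing the check as redundant. The guard only prevents the double free while every site that frees array->data also clears the pointer, so that invariant is worth stating in the same comment. The same applies to the DA32.c and DA8.c hunks.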
Index: xc/lib/Xdmcp/DA32.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/DA32.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- DA32.c      1997/09/05 08:59:52     1.1.1.1
+++ DA32.c      1998/04/17 10:09:49     1.2
@@ -37,7 +37,8 @@
 XdmcpDisposeARRAY32 (array)
     ARRAY32Ptr array;
 {
-    Xfree (array->data);
+    if (array->data != 0)
+       Xfree (array->data);
     array->length = 0;
     array->data = 0;
 }
Index: xc/lib/Xdmcp/DA8.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/DA8.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- DA8.c       1997/09/05 08:59:52     1.1.1.1
+++ DA8.c       1998/04/17 10:09:51     1.2
@@ -37,7 +37,8 @@
 XdmcpDisposeARRAY8 (array)
     ARRAY8Ptr  array;
 {
-    Xfree (array->data);
+    if (array->data != 0)
+       Xfree (array->data);
     array->length = 0;
     array->data = 0;
 }
Index: xc/lib/Xdmcp/DAofA8.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/DAofA8.c,v
retrieving revision 1.1.1.1
retrieving revision 1.3
diff -u -r1.1.1.1 -r1.3
--- DAofA8.c    1997/09/05 08:59:52     1.1.1.1
+++ DAofA8.c    1998/04/17 11:30:09     1.3
@@ -41,7 +41,8 @@

     for (i = 0; i < (int)array->length; i++)
        XdmcpDisposeARRAY8 (&array->data[i]);
-    Xfree (array->data);
+    if (array->data != 0)
+       Xfree (array->data);
     array->length = 0;
     array->data = 0;
 }
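Review bot: The `for` loop above the new test still evaluates `&array->data[i]` before `array->data` is compared with 0, so the guard protects only the Xfree call. If array->data is 0 while array->length is non-zero, a state the RAofA8.c error path in this same patch appears to leave behind, the loop hands XdmcpDisposeARRAY8 addresses computed from a null pointer. Moving the `if (array->data != 0)` test up so that it encloses both the loop and `Xfree (array->data);` closes that path. The start of the function is outside this hunk, so where length is set cannot be confirmed from here.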
Index: xc/lib/Xdmcp/RA16.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/RA16.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- RA16.c      1997/09/05 08:59:53     1.1.1.1
+++ RA16.c      1998/04/17 10:09:53     1.2
@@ -55,6 +55,7 @@
        if (!XdmcpReadCARD16 (buffer, &array->data[i]))
        {
            Xfree (array->data);
+           array->data = 0;
            return FALSE;
        }
     }
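Review bot: The error path that now sets `array->data = 0;` leaves array->length untouched, so the caller may get back a non-zero length paired with a null data pointer. That holds if length was already filled in from the packet earlier in the function, which is outside this hunk. Any code that walks array->data up to length without checking the FALSE return would then read through a null pointer. Adding `array->length = 0;` next to the new line keeps the two fields consistent, the way the Dispose functions already reset both. The same applies to the RA32.c and RA8.c hunks.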
Index: xc/lib/Xdmcp/RA32.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/RA32.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- RA32.c      1997/09/05 08:59:53     1.1.1.1
+++ RA32.c      1998/04/17 10:09:54     1.2
@@ -55,6 +55,7 @@
        if (!XdmcpReadCARD32 (buffer, &array->data[i]))
        {
            Xfree (array->data);
+           array->data = 0;
            return FALSE;
        }
     }
Index: xc/lib/Xdmcp/RA8.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/RA8.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- RA8.c       1997/09/05 08:59:53     1.1.1.1
+++ RA8.c       1998/04/17 10:09:55     1.2
@@ -55,6 +55,7 @@
        if (!XdmcpReadCARD8 (buffer, &array->data[i]))
        {
            Xfree (array->data);
+           array->data = 0;
            return FALSE;
        }
     }
Index: xc/lib/Xdmcp/RAofA8.c
===================================================================
RCS file: /cvs/X11/xc/lib/Xdmcp/RAofA8.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- RAofA8.c    1997/09/05 08:59:53     1.1.1.1
+++ RAofA8.c    1998/04/17 10:09:57     1.2
@@ -55,6 +55,7 @@
        if (!XdmcpReadARRAY8 (buffer, &array->data[i]))
        {
            Xfree (array->data);
+           array->data = 0;
            return FALSE;
        }
     }
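Review bot: When XdmcpReadARRAY8 fails at index i, this path frees only the outer array, so the buffers that the earlier successful calls allocated for elements 0 to i-1 are no longer reachable and leak. Because the input comes off the wire, a peer sending malformed packets can repeat that leak at will. Before `Xfree (array->data);` the path should call `XdmcpDisposeARRAY8 (&array->data[j]);` for each j below i. It should also add `array->length = 0;` beside `array->data = 0;` so that a later dispose does not loop over a null pointer. The loop header and the allocation are outside this hunk, so the exact point where length is set is inferred.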

                                        Matthieu


