port to xorg-server 1.10: -- Log Message: apply https://cgit.freedesktop.org/xorg/xserver/commit/?id=d7ac755f0b618eb1259d93c8a16ec6e39a18627c Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES CVE-2017-2624 Provide the function definition for systems that don't have it. Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> and https://cgit.freedesktop.org/xorg/xserver/commit/?id=5c44169caed811e59a65ba346de1cadb46d266ec os: Squash missing declaration warning for timingsafe_memcmp timingsafe_memcmp.c:21:1: warning: no previous prototype for `timingsafe_memcmp' [-Wmissing-prototypes] timingsafe_memcmp(const void *b1, const void *b2, size_t len) Signed-off-by: Adam Jackson <ajax@redhat.com> --diff -r1.1.1.1 -r1.2 xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in
(mrg)
--- xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in 2016/06/09 09:08:00 1.1.1.1
+++ xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in 2017/03/08 07:31:42 1.2
| @@ -218,26 +218,29 @@ | @@ -218,26 +218,29 @@ | |||
| 218 | 218 | |||
| 219 | /* Define to 1 if you have the <sys/stat.h> header file. */ | 219 | /* Define to 1 if you have the <sys/stat.h> header file. */ | |
| 220 | #undef HAVE_SYS_STAT_H | 220 | #undef HAVE_SYS_STAT_H | |
| 221 | 221 | |||
| 222 | /* Define to 1 if you have the <sys/types.h> header file. */ | 222 | /* Define to 1 if you have the <sys/types.h> header file. */ | |
| 223 | #undef HAVE_SYS_TYPES_H | 223 | #undef HAVE_SYS_TYPES_H | |
| 224 | 224 | |||
| 225 | /* Define to 1 if you have the <sys/utsname.h> header file. */ | 225 | /* Define to 1 if you have the <sys/utsname.h> header file. */ | |
| 226 | #undef HAVE_SYS_UTSNAME_H | 226 | #undef HAVE_SYS_UTSNAME_H | |
| 227 | 227 | |||
| 228 | /* Define to 1 if you have the <sys/vm86.h> header file. */ | 228 | /* Define to 1 if you have the <sys/vm86.h> header file. */ | |
| 229 | #undef HAVE_SYS_VM86_H | 229 | #undef HAVE_SYS_VM86_H | |
| 230 | 230 | |||
| 231 | /* Define to 1 if you have the `timingsafe_memcmp' function. */ | |||
| 232 | #undef HAVE_TIMINGSAFE_MEMCMP | |||
| 233 | ||||
| 231 | /* Define to 1 if you have the <tslib.h> header file. */ | 234 | /* Define to 1 if you have the <tslib.h> header file. */ | |
| 232 | #undef HAVE_TSLIB_H | 235 | #undef HAVE_TSLIB_H | |
| 233 | 236 | |||
| 234 | /* Define to 1 if you have the <unistd.h> header file. */ | 237 | /* Define to 1 if you have the <unistd.h> header file. */ | |
| 235 | #undef HAVE_UNISTD_H | 238 | #undef HAVE_UNISTD_H | |
| 236 | 239 | |||
| 237 | /* Define to 1 if you have the <fnmatch.h> header file. */ | 240 | /* Define to 1 if you have the <fnmatch.h> header file. */ | |
| 238 | #undef HAVE_FNMATCH_H | 241 | #undef HAVE_FNMATCH_H | |
| 239 | 242 | |||
| 240 | /* Have /dev/urandom */ | 243 | /* Have /dev/urandom */ | |
| 241 | #undef HAVE_URANDOM | 244 | #undef HAVE_URANDOM | |
| 242 | 245 | |||
| 243 | /* Define to 1 if you have the `vprintf' function. */ | 246 | /* Define to 1 if you have the `vprintf' function. */ |
--- xsrc/external/mit/xorg-server.old/dist/include/os.h 2016/06/09 09:08:00 1.1.1.1
+++ xsrc/external/mit/xorg-server.old/dist/include/os.h 2017/03/08 07:31:42 1.2
| @@ -485,26 +485,31 @@ extern _X_EXPORT int xstrcasecmp(const c | @@ -485,26 +485,31 @@ extern _X_EXPORT int xstrcasecmp(const c | |||
| 485 | extern _X_EXPORT int xstrncasecmp(const char *s1, const char *s2, size_t n); | 485 | extern _X_EXPORT int xstrncasecmp(const char *s1, const char *s2, size_t n); | |
| 486 | #endif | 486 | #endif | |
| 487 | 487 | |||
| 488 | #if NEED_STRCASESTR | 488 | #if NEED_STRCASESTR | |
| 489 | #define strcasestr xstrcasestr | 489 | #define strcasestr xstrcasestr | |
| 490 | extern _X_EXPORT char *xstrcasestr(const char *s, const char *find); | 490 | extern _X_EXPORT char *xstrcasestr(const char *s, const char *find); | |
| 491 | #endif | 491 | #endif | |
| 492 | 492 | |||
| 493 | #ifndef HAS_STRLCPY | 493 | #ifndef HAS_STRLCPY | |
| 494 | extern _X_EXPORT size_t strlcpy(char *dst, const char *src, size_t siz); | 494 | extern _X_EXPORT size_t strlcpy(char *dst, const char *src, size_t siz); | |
| 495 | extern _X_EXPORT size_t strlcat(char *dst, const char *src, size_t siz); | 495 | extern _X_EXPORT size_t strlcat(char *dst, const char *src, size_t siz); | |
| 496 | #endif | 496 | #endif | |
| 497 | 497 | |||
| 498 | #ifndef HAVE_TIMINGSAFE_MEMCMP | |||
| 499 | extern _X_EXPORT int | |||
| 500 | timingsafe_memcmp(const void *b1, const void *b2, size_t len); | |||
| 501 | #endif | |||
| 502 | ||||
| 498 | /* Logging. */ | 503 | /* Logging. */ | |
| 499 | typedef enum _LogParameter { | 504 | typedef enum _LogParameter { | |
| 500 | XLOG_FLUSH, | 505 | XLOG_FLUSH, | |
| 501 | XLOG_SYNC, | 506 | XLOG_SYNC, | |
| 502 | XLOG_VERBOSITY, | 507 | XLOG_VERBOSITY, | |
| 503 | XLOG_FILE_VERBOSITY | 508 | XLOG_FILE_VERBOSITY | |
| 504 | } LogParameter; | 509 | } LogParameter; | |
| 505 | 510 | |||
| 506 | /* Flags for log messages. */ | 511 | /* Flags for log messages. */ | |
| 507 | typedef enum { | 512 | typedef enum { | |
| 508 | X_PROBED, /* Value was probed */ | 513 | X_PROBED, /* Value was probed */ | |
| 509 | X_CONFIG, /* Value was given in the config file */ | 514 | X_CONFIG, /* Value was given in the config file */ | |
| 510 | X_DEFAULT, /* Value is a default */ | 515 | X_DEFAULT, /* Value is a default */ |
--- xsrc/external/mit/xorg-server.old/dist/os/mitauth.c 2017/03/08 07:18:47 1.2
+++ xsrc/external/mit/xorg-server.old/dist/os/mitauth.c 2017/03/08 07:31:42 1.3
| @@ -72,27 +72,27 @@ MitAddCookie ( | @@ -72,27 +72,27 @@ MitAddCookie ( | |||
| 72 | } | 72 | } | |
| 73 | 73 | |||
| 74 | XID | 74 | XID | |
| 75 | MitCheckCookie ( | 75 | MitCheckCookie ( | |
| 76 | unsigned short data_length, | 76 | unsigned short data_length, | |
| 77 | const char *data, | 77 | const char *data, | |
| 78 | ClientPtr client, | 78 | ClientPtr client, | |
| 79 | char **reason) | 79 | char **reason) | |
| 80 | { | 80 | { | |
| 81 | struct auth *auth; | 81 | struct auth *auth; | |
| 82 | 82 | |||
| 83 | for (auth = mit_auth; auth; auth=auth->next) { | 83 | for (auth = mit_auth; auth; auth=auth->next) { | |
| 84 | if (data_length == auth->len && | 84 | if (data_length == auth->len && | |
| 85 | memcmp (data, auth->data, (int) data_length) == 0) | 85 | timingsafe_memcmp(data, auth->data, (int) data_length) == 0) | |
| 86 | return auth->id; | 86 | return auth->id; | |
| 87 | } | 87 | } | |
| 88 | *reason = "Invalid MIT-MAGIC-COOKIE-1 key"; | 88 | *reason = "Invalid MIT-MAGIC-COOKIE-1 key"; | |
| 89 | return (XID) -1; | 89 | return (XID) -1; | |
| 90 | } | 90 | } | |
| 91 | 91 | |||
| 92 | int | 92 | int | |
| 93 | MitResetCookie (void) | 93 | MitResetCookie (void) | |
| 94 | { | 94 | { | |
| 95 | struct auth *auth, *next; | 95 | struct auth *auth, *next; | |
| 96 | 96 | |||
| 97 | for (auth = mit_auth; auth; auth=next) { | 97 | for (auth = mit_auth; auth; auth=next) { | |
| 98 | next = auth->next; | 98 | next = auth->next; |
/*
* Copyright (c) 2014 Google Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <limits.h>
#include <string.h>
#include <X11/Xfuncproto.h>
#include <dix-config.h>
#include "os.h"
int
timingsafe_memcmp(const void *b1, const void *b2, size_t len)
{
const unsigned char *p1 = b1, *p2 = b2;
size_t i;
int res = 0, done = 0;
for (i = 0; i < len; i++) {
/* lt is -1 if p1[i] < p2[i]; else 0. */
int lt = (p1[i] - p2[i]) >> CHAR_BIT;
/* gt is -1 if p1[i] > p2[i]; else 0. */
int gt = (p2[i] - p1[i]) >> CHAR_BIT;
/* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
int cmp = lt - gt;
/* set res = cmp if !done. */
res |= cmp & ~done;
/* set done if p1[i] != p2[i]. */
done |= lt | gt;
}
return (res);
}
--- xsrc/external/mit/xorg-server.old/include/dix-config.h 2016/09/21 22:11:16 1.2
+++ xsrc/external/mit/xorg-server.old/include/dix-config.h 2017/03/08 07:31:42 1.3
| @@ -219,26 +219,29 @@ | @@ -219,26 +219,29 @@ | |||
| 219 | 219 | |||
| 220 | /* Define to 1 if you have the <sys/stat.h> header file. */ | 220 | /* Define to 1 if you have the <sys/stat.h> header file. */ | |
| 221 | #define HAVE_SYS_STAT_H 1 | 221 | #define HAVE_SYS_STAT_H 1 | |
| 222 | 222 | |||
| 223 | /* Define to 1 if you have the <sys/types.h> header file. */ | 223 | /* Define to 1 if you have the <sys/types.h> header file. */ | |
| 224 | #define HAVE_SYS_TYPES_H 1 | 224 | #define HAVE_SYS_TYPES_H 1 | |
| 225 | 225 | |||
| 226 | /* Define to 1 if you have the <sys/utsname.h> header file. */ | 226 | /* Define to 1 if you have the <sys/utsname.h> header file. */ | |
| 227 | #define HAVE_SYS_UTSNAME_H 1 | 227 | #define HAVE_SYS_UTSNAME_H 1 | |
| 228 | 228 | |||
| 229 | /* Define to 1 if you have the <sys/vm86.h> header file. */ | 229 | /* Define to 1 if you have the <sys/vm86.h> header file. */ | |
| 230 | /* #undef HAVE_SYS_VM86_H */ | 230 | /* #undef HAVE_SYS_VM86_H */ | |
| 231 | 231 | |||
| 232 | /* Define to 1 if you have the `timingsafe_memcmp' function. */ | |||
| 233 | /* #undef HAVE_TIMINGSAFE_MEMCMP */ | |||
| 234 | ||||
| 232 | /* Define to 1 if you have the <tslib.h> header file. */ | 235 | /* Define to 1 if you have the <tslib.h> header file. */ | |
| 233 | /* #undef HAVE_TSLIB_H */ | 236 | /* #undef HAVE_TSLIB_H */ | |
| 234 | 237 | |||
| 235 | /* Define to 1 if you have the <unistd.h> header file. */ | 238 | /* Define to 1 if you have the <unistd.h> header file. */ | |
| 236 | #define HAVE_UNISTD_H 1 | 239 | #define HAVE_UNISTD_H 1 | |
| 237 | 240 | |||
| 238 | /* Define to 1 if you have the <fnmatch.h> header file. */ | 241 | /* Define to 1 if you have the <fnmatch.h> header file. */ | |
| 239 | #define HAVE_FNMATCH_H 1 | 242 | #define HAVE_FNMATCH_H 1 | |
| 240 | 243 | |||
| 241 | /* Have /dev/urandom */ | 244 | /* Have /dev/urandom */ | |
| 242 | /* #undef HAVE_URANDOM */ | 245 | /* #undef HAVE_URANDOM */ | |
| 243 | 246 | |||
| 244 | /* Define to 1 if you have the `vprintf' function. */ | 247 | /* Define to 1 if you have the `vprintf' function. */ |