Wed Mar 8 07:31:42 2017 UTC ()
port to xorg-server 1.10:
--
Log Message:
apply
https://cgit.freedesktop.org/xorg/xserver/commit/?id=d7ac755f0b618eb1259d93c8a16ec6e39a18627c
Use timingsafe_memcmp() to compare MIT-MAGIC-COOKIES CVE-2017-2624
Provide the function definition for systems that don't have it.
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
and
https://cgit.freedesktop.org/xorg/xserver/commit/?id=5c44169caed811e59a65ba346de1cadb46d266ec
os: Squash missing declaration warning for timingsafe_memcmp
timingsafe_memcmp.c:21:1: warning: no previous prototype for `timingsafe_memcmp' [-Wmissing-prototypes]
timingsafe_memcmp(const void *b1, const void *b2, size_t len)
Signed-off-by: Adam Jackson <ajax@redhat.com>
--
(mrg)
diff -r1.1.1.1 -r1.2 xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in
diff -r1.1.1.1 -r1.2 xsrc/external/mit/xorg-server.old/dist/include/os.h
diff -r1.2 -r1.3 xsrc/external/mit/xorg-server.old/dist/os/mitauth.c
diff -r0 -r1.1 xsrc/external/mit/xorg-server.old/dist/os/timingsafe_memcmp.c
diff -r1.2 -r1.3 xsrc/external/mit/xorg-server.old/include/dix-config.h
--- xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in 2016/06/09 09:08:00 1.1.1.1
+++ xsrc/external/mit/xorg-server.old/dist/include/dix-config.h.in 2017/03/08 07:31:42 1.2
@@ -228,6 +228,9 @@
/* Define to 1 if you have the <sys/vm86.h> header file. */
#undef HAVE_SYS_VM86_H
+/* Define to 1 if you have the `timingsafe_memcmp' function. */
+#undef HAVE_TIMINGSAFE_MEMCMP
+
/* Define to 1 if you have the <tslib.h> header file. */
#undef HAVE_TSLIB_H
--- xsrc/external/mit/xorg-server.old/dist/include/os.h 2016/06/09 09:08:00 1.1.1.1
+++ xsrc/external/mit/xorg-server.old/dist/include/os.h 2017/03/08 07:31:42 1.2
@@ -495,6 +495,11 @@
extern _X_EXPORT size_t strlcat(char *dst, const char *src, size_t siz);
#endif
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+extern _X_EXPORT int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
/* Logging. */
typedef enum _LogParameter {
XLOG_FLUSH,
--- xsrc/external/mit/xorg-server.old/dist/os/mitauth.c 2017/03/08 07:18:47 1.2
+++ xsrc/external/mit/xorg-server.old/dist/os/mitauth.c 2017/03/08 07:31:42 1.3
@@ -82,7 +82,7 @@
for (auth = mit_auth; auth; auth=auth->next) {
if (data_length == auth->len &&
- memcmp (data, auth->data, (int) data_length) == 0)
+ timingsafe_memcmp(data, auth->data, (int) data_length) == 0)
return auth->id;
}
*reason = "Invalid MIT-MAGIC-COOKIE-1 key";
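Review bot: The `(int) data_length` cast on the new call is a leftover from the old `memcmp` line and no longer fits, because `timingsafe_memcmp` takes a `size_t` according to the os.h prototype added in this commit. The declaration of `data_length` is outside the hunk, but since it is already compared against `auth->len` the cast can probably be dropped: `timingsafe_memcmp(data, auth->data, data_length) == 0)`. The `data_length == auth->len` test still short-circuits, so only the cookie bytes, not the length, are compared in data-independent time. A comment such as `/* length is not secret; only the cookie bytes need a timing-safe compare */` would record that this is intentional. The enclosing function starts and ends outside the hunk.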
/*
* Copyright (c) 2014 Google Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <limits.h>
#include <string.h>
#include <X11/Xfuncproto.h>
#include <dix-config.h>
#include "os.h"
/*
 * Compare the first len bytes of b1 and b2 as unsigned chars without
 * branching on their contents.
 *
 * The loop always visits all len bytes and has no early exit, so at the
 * source level the work done depends on len only, not on where (or
 * whether) the buffers differ.  This is what makes it suitable for
 * comparing secrets such as authentication cookies, where an early-exit
 * memcmp() could reveal how long the matching prefix is.
 *
 * Returns 0 if the buffers are equal (including len == 0), -1 if the
 * first differing byte is smaller in b1, and 1 if it is larger in b1.
 *
 * NOTE(review): the -1/0 masks below rely on >> of a negative int being
 * an arithmetic shift, which C leaves implementation-defined.  The
 * data-independence also depends on the compiler not turning the mask
 * arithmetic back into branches; confirm on unusual toolchains.
 */
int
timingsafe_memcmp(const void *b1, const void *b2, size_t len)
{
const unsigned char *p1 = b1, *p2 = b2;
size_t i;
/* res holds the sign of the first difference; done becomes -1 after it. */
int res = 0, done = 0;
for (i = 0; i < len; i++) {
/*
 * The operands are unsigned char, so the subtraction is done in int
 * and a negative difference shifts down to an all-ones value.
 */
/* lt is -1 if p1[i] < p2[i]; else 0. */
int lt = (p1[i] - p2[i]) >> CHAR_BIT;
/* gt is -1 if p1[i] > p2[i]; else 0. */
int gt = (p2[i] - p1[i]) >> CHAR_BIT;
/* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
int cmp = lt - gt;
/* set res = cmp if !done. */
/* ~done is all ones until the first difference, then 0, so later bytes cannot change res. */
res |= cmp & ~done;
/* set done if p1[i] != p2[i]. */
done |= lt | gt;
}
return (res);
}
--- xsrc/external/mit/xorg-server.old/include/dix-config.h 2016/09/21 22:11:16 1.2
+++ xsrc/external/mit/xorg-server.old/include/dix-config.h 2017/03/08 07:31:42 1.3
@@ -229,6 +229,9 @@
/* Define to 1 if you have the <sys/vm86.h> header file. */
/* #undef HAVE_SYS_VM86_H */
+/* Define to 1 if you have the `timingsafe_memcmp' function. */
+/* #undef HAVE_TIMINGSAFE_MEMCMP */
+
/* Define to 1 if you have the <tslib.h> header file. */
/* #undef HAVE_TSLIB_H */
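Review bot: `HAVE_TIMINGSAFE_MEMCMP` is left undefined in this pre-generated header, so os.h will always declare the bundled function and mitauth.c will need `os/timingsafe_memcmp.c` at link time. None of the five files listed in this commit is a build file, so the source list that compiles the new file is presumably updated elsewhere; please confirm that change lands together with this one. It would also help to extend the comment, for example `/* not defined: the bundled os/timingsafe_memcmp.c is used */`, so a later reader knows the fallback is deliberate.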