On Mon, Jun 15, 2015 at 06:32:30PM -0500, Douglas Carmichael wrote:
...

Please fix your mailer; it's marking patches as application/octet-stream
rather than text/x-diff or similar.

Comments below.

> From: Douglas Carmichael <dcarm...@dcarmichael.net>
> Date: Sun, 14 Jun 2015 11:10:36 -0500
> Subject: [PATCH] Patches to enable compilation on OpenBSD 5.7/FreeBSD 10.1.
> 
> ---
>  cde/doc/util/dbtoman/instant/main.c |  2 +-
>  cde/programs/dtlogin/genauth.c      |  3 +++
>  cde/programs/dtlogin/session.c      | 23 -----------------------
>  3 files changed, 4 insertions(+), 24 deletions(-)
> 
> diff --git a/cde/doc/util/dbtoman/instant/main.c 
> b/cde/doc/util/dbtoman/instant/main.c
> index 712c1ec..74a0add 100644
> --- a/cde/doc/util/dbtoman/instant/main.c
> +++ b/cde/doc/util/dbtoman/instant/main.c
> @@ -585,7 +585,7 @@ ReadESIS(
>               stripNL(buf);
>               if (do_DATAhack && (buf[0] == '\\') && (buf[1] == 'n') )        
> {
>                       buf[0] = -1;            /* simulate "^" command */
> -                     memcpy(&buf[1], &buf[2], strlen(buf)-1);
> +                     memmove(&buf[1], &buf[2], strlen(buf)-1);
>               }
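
Review bot: the count `strlen(buf)-1` on the memmove line is correct but reads like an off-by-one, so it deserves a one-line comment. Starting at `&buf[2]` there are strlen(buf)-2 characters left plus the terminating NUL, which is exactly strlen(buf)-1 bytes, and the `buf[0]`/`buf[1]` test on the line above means the string is at least two characters long, so the subtraction cannot wrap. Source and destination are one byte apart and overlap, which is the reason memcpy was invalid here; saying so in the commit message would help, since the subject only mentions enabling compilation.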

Much better.

> diff --git a/cde/programs/dtlogin/session.c b/cde/programs/dtlogin/session.c
> index 9a42844..5bdb48c 100644
> --- a/cde/programs/dtlogin/session.c
> +++ b/cde/programs/dtlogin/session.c
> @@ -644,8 +644,6 @@ int
>  LoadXloginResources( struct display *d )
>  {
>      char     cmd[1024];
> -    char     *language = NULL;
> -    char     *lang_key="";
>      char     *authority="";
>      char     *auth_key="";
>      char        *resources = NULL;
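
Review bot: with `language` and `lang_key` no longer declared, every remaining use of them in LoadXloginResources has to be removed in this same patch, and the hunks quoted here only show the block after the `auth_key` assignment going away. Please confirm that nothing else in the function, in particular whatever is formatted into `cmd[1024]`, still references either name. If the two strchr loops removed in the next hunk were the only users of `p`, its declaration should be dropped as well to avoid an unused-variable warning.
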
> @@ -675,27 +673,6 @@ LoadXloginResources( struct display *d )
>               auth_key = "XAUTHORITY=";
>       }
>  
> -     if (d->language && strlen(d->language) > 0 ) {
> -             language = strdup(d->language);
> -             lang_key = "-D";
> -     }
> -
> -     /*
> -      *  replace any "-" or "." in the language name with "_". The C
> -      *  preprocessor used by xrdb does not accept "-" or "." in a name.
> -      */
> -      
> -     while ( (p = strchr(language, '-')) != NULL ) {
> -         *p = '_';
> -     }
> -      
> -     while ( (p = strchr(language, '.')) != NULL ) {
> -         *p = '_';
> -     }
> -                 
> -     free(language);
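
Review bot: this removal is a behaviour fix rather than a portability change, and the commit message ("Patches to enable compilation on OpenBSD 5.7/FreeBSD 10.1") does not mention it. In the removed lines `language` stays NULL whenever `d->language` is unset or empty, yet `strchr(language, '-')` runs unconditionally, and the strdup result is not checked for failure either. As far as the quoted lines show, the copy is freed right after the substitutions, so the sanitized name is never used. Please state that reasoning in the commit message, or split this into its own commit, so the history records why the block was dropped.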

While this change is functionally equivalent to the original code
(apart from the detail that it's actually valid), I wonder if we
should try to update to match current xdm or make this do the "right"
thing...well, it looks like xdm eliminated this code over a decade
ago.

I see that neither of the CVEs for xdm apply for most builds;
but for "AlphaArchitecture", where SIA is defined, seteuid(0)
is called without error checking...I suppose that cannot be a
privilege escalation, but rather might continue despite failing
to elevate privileges.

Thanks,
Isaac Dunham


------------------------------------------------------------------------------
_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel