Thanks for the feedback; here are some revised patches
and a third group of patches which fix enough segfaults
by removing implicit function definitions
to allow CDE to startup on x64, albeit to a very buggy desktop.
==
Avoid an infinite loop in ttsession (tooltalk daemon) when /et
Am 08.08.12 09:05, schrieb Frederic Koehler:
> Thanks for the feedback; here are some revised patches
> and a third group of patches which fix enough segfaults
> by removing implicit function definitions
> to allow CDE to startup on x64, albeit to a very buggy desktop.
>
> ==
> Av
Has anyone considered updating CDE's dtksh (Destop Korn Shell, i.e.
ksh93 with Dt, Motif and Xt APIs) to a newer ksh93 release? The
current dtksh uses ksh93d- (the minus representing an alpha version)
and is far from what I'd call "stable". Current ksh93 release is
ksh93u+ (the plus representing a
On Wed, 8 Aug 2012 13:57:34 +0200, Irek Szczesniak wrote:
> Has anyone considered updating CDE's dtksh (Destop Korn Shell, i.e.
> ksh93 with Dt, Motif and Xt APIs) to a newer ksh93 release? The
> current dtksh uses ksh93d- (the minus representing an alpha version)
> and is far from what I'd call "s
"%wc" is Microsoft extension, not supported in every Std C Library. So
if we don't want to print "%wc%wc%wc%wc%..." instead of real chars, we
shall not use it.
Before:
%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wc%wcession[28326]:
_Tt_s_session::s_init(): 1051 (TT_ERR_INTERNAL)!
%wc%wc%wc%wc%wc%wc%w
Use strlen, not sizeof, here. Fixes a segfault on Debian squeeze 64 bit
and most probably other systems, too.
(If the mailer mangles the diff, I can resend it as attachment)
diff --git a/cde/lib/DtSvc/DtUtil1/DtsMM.c b/cde/lib/DtSvc/DtUtil1/DtsMM.c
index dd82d6f..0004afa 100644
--- a/cde/lib/DtS
On Wed, Aug 8, 2012 at 2:14 PM, Pascal Stumpf wrote:
> On Wed, 8 Aug 2012 13:57:34 +0200, Irek Szczesniak wrote:
>> Has anyone considered updating CDE's dtksh (Destop Korn Shell, i.e.
>> ksh93 with Dt, Motif and Xt APIs) to a newer ksh93 release? The
>> current dtksh uses ksh93d- (the minus repres
On Wed, 8 Aug 2012 19:12:07 +0200, Irek Szczesniak wrote:
> On Wed, Aug 8, 2012 at 2:14 PM, Pascal Stumpf wrote:
> > On Wed, 8 Aug 2012 13:57:34 +0200, Irek Szczesniak wrote:
> >> Has anyone considered updating CDE's dtksh (Destop Korn Shell, i.e.
> >> ksh93 with Dt, Motif and Xt APIs) to a newer
On Wed, 8 Aug 2012, Frederic Koehler wrote:
Some comments below:
> Thanks for the feedback; here are some revised patches
> and a third group of patches which fix enough segfaults
> by removing implicit function definitions
> to allow CDE to startup on x64, albeit to a very buggy desktop.
>
> ===
-Original Message-
From: Pascal Stumpf
To: Irek Szczesniak
Cc: cdesktopenv-devel
Sent: Wed, Aug 8, 2012 1:37 pm
Subject: Re: [cdesktopenv-devel] CDE dtksh updated to newer ksh93 release?
On Wed, 8 Aug 2012 19:12:07 +0200, Irek Szczesniak wrote:
> On Wed, Aug 8, 2012 at 2:14 PM, Pas
On Wed, 8 Aug 2012, Marc Balmer wrote:
> Am 08.08.12 09:05, schrieb Frederic Koehler:
[...]
>> -if (stat(TtMntTab, &mount_table_stat)) {
>> +// Must use lstat here; mtab is often a symlink
>
> I'd like to raise the question if we want such C++ style comments or if
> we shou
On Wed, 8 Aug 2012, Marc Balmer wrote:
> After building CDE, and starting dtlogin for the first time, I had a
> deja-vu of the bad kind... The fonts as is are true ugly, because they
> are non-antialiased. But since CDE builds on top of OpenMotif, which
> has had antialiased fonts (and UTF8) sup
On Wed, 8 Aug 2012, Frederic Koehler wrote:
> Definitely nobody should use mkstemp anyway, but it's worth noting why the
> segfault happens, because it's tricky: the code calls basename but forgets
> to include the right header file -- this being C, the compiler just assumes
> its return type is i
On Wed, 8 Aug 2012, Douglas Mencken wrote:
> "%wc" is Microsoft extension, not supported in every Std C Library. So
> if we don't want to print "%wc%wc%wc%wc%..." instead of real chars, we
> shall not use it.
>
Applied, thanks for sending as attachment :)
[...]
--
Jon Trulson
"If the Martian
On Wed, 8 Aug 2012, Marc Balmer wrote:
> Use strlen, not sizeof, here. Fixes a segfault on Debian squeeze 64 bit
> and most probably other systems, too.
>
> (If the mailer mangles the diff, I can resend it as attachment)
>
> diff --git a/cde/lib/DtSvc/DtUtil1/DtsMM.c b/cde/lib/DtSvc/DtUtil1/DtsMM
sizeof(char*) has been used in an attempt to get string's length.
Program received signal SIGSEGV, Segmentation fault.
0x75912dfa in _IO_vfprintf_internal (s=0x7fffdf60,
format=, ap=0x7fffe080) at vfprintf.c:1614
1614vfprintf.c: No such file or directory.
in vfprint
And please, don't forget to mention mblamer from #cde as co-author.
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers ca
On Wed, 8 Aug 2012, Douglas Mencken wrote:
> sizeof(char*) has been used in an attempt to get string's length.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x75912dfa in _IO_vfprintf_internal (s=0x7fffdf60,
>format=, ap=0x7fffe080) at vfprintf.c:1614
> 1614vfp
Hm, I'd be surprised if this patch had any effect: sizeof of a string literal
should give the number of bytes in it [which is a really
weird special case of C, see
http://en.wikipedia.org/wiki/Sizeof#Using_sizeof_with_arrays]
Although, strlen is a lot more obviously correct [curiously,
adding the +
On Wed, 8 Aug 2012, Frederic Koehler wrote:
> Hm, I'd be surprised if this patch had any effect: sizeof of a string literal
> should give the number of bytes in it [which is a really
> weird special case of C, see
> http://en.wikipedia.org/wiki/Sizeof#Using_sizeof_with_arrays]
> Although, strlen i
I believe this fixes vulnerability #3 from CERT CA-1999-11.[1] The other
uses of sprintf in DtAction seem to be safe.
-Rob
[1] https://www.cert.org/advisories/CA-1999-11.html
Signed-off-by: Robert Tomsick
---
cde/programs/dtaction/Main.c |2 +-
1 file changed, 1 insertion(+), 1 deletio
As the subject line says, two minor fixes to dtterm.
-Rob
From 1802d0fb59d438d5ca97507fd1cd51606b161da8 Mon Sep 17 00:00:00 2001
From: Robert Tomsick
Date: Wed, 8 Aug 2012 19:49:45 -0400
Subject: [PATCH 2/2] dtterm: logger - use socklen_t for addrlen in
serve(char, int, int)
Signed-off-by: Ro
On Wed, 8 Aug 2012, Pascal Stumpf wrote:
> On Tue, 07 Aug 2012 21:51:14 +0200, Pascal Stumpf wrote:
>> Ohai.
>>
>> Just informing you guys that I'm currently working on an OpenBSD port.
>> Already got most stuff building and a shitload of patches (though mostly
>> just #ifdef's). I'll probably st
On Wed, 8 Aug 2012, Robert Tomsick wrote:
> As the subject line says, two minor fixes to dtterm.
>
> -Rob
>
Applied, thanks...
--
Jon Trulson
"If the Martian rope-a-dope don't get him, he'll get himself, he'll
come in too fast and punch himself out."
- one of my brothers, refer
On Wed, 8 Aug 2012, Robert Tomsick wrote:
> I believe this fixes vulnerability #3 from CERT CA-1999-11.[1] The other
> uses of sprintf in DtAction seem to be safe.
Applied thanks.
--
Jon Trulson
"If the Martian rope-a-dope don't get him, he'll get himself, he'll
come in too fast and punch
Signed-off-by: Robert Tomsick
---
cde/programs/dthelp/dthelpview/Main.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cde/programs/dthelp/dthelpview/Main.c
b/cde/programs/dthelp/dthelpview/Main.c
index d61c12a..c82e2ad 100644
--- a/cde/programs/dthelp/dthelpview/Main.c
Signed-off-by: Robert Tomsick
---
cde/programs/dthelp/dthelpview/Util.c |1 +
1 file changed, 1 insertion(+)
diff --git a/cde/programs/dthelp/dthelpview/Util.c
b/cde/programs/dthelp/dthelpview/Util.c
index 9a89f94..d7e2813 100644
--- a/cde/programs/dthelp/dthelpview/Util.c
+++ b/cde/progra
Signed-off-by: Robert Tomsick
---
cde/programs/dtscreen/flame.c|1 +
cde/programs/dtscreen/hopalong.c |1 +
cde/programs/dtscreen/image.c|1 +
cde/programs/dtscreen/life.c |1 +
cde/programs/dtscreen/pyro.c |2 ++
cde/programs/dtscreen/qix.c |1 +
cde
Signed-off-by: Robert Tomsick
---
cde/programs/dtscreen/dtscreen.c |1 +
1 file changed, 1 insertion(+)
diff --git a/cde/programs/dtscreen/dtscreen.c b/cde/programs/dtscreen/dtscreen.c
index 5f8c4a1..6c22786 100644
--- a/cde/programs/dtscreen/dtscreen.c
+++ b/cde/programs/dtscreen/dtscreen.
When converting sprintf() to snprintf(), don't use the idiom
char foo[BUFSIZ];
snprintf(foo, BUFSIZ, );
but
char foo[BUFSIZ];
snprintf(foo, sizeo foo, );
because this will automatically catch situations where the size of foo
is later changed, e.g. like foo[BUFSIZ + 8];
The attached pa
I suggest to build CDE with debug symbols on by defaul on Linux. Space
is not a concern these days, but since we are probably going to a period
of pain with this code, easy debugging for everyone would help to find bugs.
Opinions?
The attached patch would turn debugging smbols on, on Linux that
A few more sprintf() to snprintf() conversion.
We need to find a proper way to replace strcpy() and strcat(), maybe
keep a local copy of strlcpy() and strlcat() from OpenBSD around
somewhere? Other suggestions?
>From 6aba055101e8b7c2f0155d76e872125dfd69ef8c Mon Sep 17 00:00:00 2001
From: Marc B
32 matches
Mail list logo
