Commit Graph

5693 Commits

Author SHA1 Message Date
matthieu
ce0f69616f Out of boundary access and endless loop in libXtst
A lack of range checks in libXtst allows out of boundary accesses.
The checks have to be done in-place here, because it cannot be done
without in-depth knowledge of the read data.

If XRecordStartOfData, XRecordEndOfData, or XRecordClientDied
without a client sequence have attached data, an endless loop would
occur. The do-while-loop continues until the current index reaches
the end. But in these cases, the current index would not be
incremented, leading to an endless processing.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:08:08 +00:00
matthieu
26cabdb32f Validate lengths while parsing server data.
Individual lengths inside received server data can overflow
the previously reserved memory.

It is therefore important to validate every single length
field to not overflow the previously agreed sum of all invidual
length fields.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:05:13 +00:00
matthieu
9f957a9f79 Avoid OOB write in XRenderQueryFilters
The memory for filter names is reserved right after receiving the reply.
After that, filters are iterated and each individual filter name is
stored in that reserved memory.

The individual name lengths are not checked for validity, which means
that a malicious server can reserve less memory than it will write to
during each iteration.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:03:48 +00:00
matthieu
aebb61b811 Avoid out of boundary accesses on illegal responses
The responses of the connected X server have to be properly checked
to avoid out of boundary accesses that could otherwise be triggered
by a malicious server.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:02:31 +00:00
matthieu
342b1570d2 Properly validate server responses
By validating length fields from server responses, out of boundary
accesses and endless loops can be mitigated.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 15:01:03 +00:00
matthieu
269364ad66 Integer overflow on illegal server response
The 32 bit field "rep.length" is not checked for validity, which allows
an integer overflow on 32 bit systems.

A malicious server could send INT_MAX as length, which gets multiplied
by the size of XRectangle. In that case the client won't read the whole
data from server, getting out of sync.

From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 14:59:47 +00:00
matthieu
89e55bbf5a Validation of server responses in XGetImage()
Check if enough bytes were received for specified image type and
geometry. Otherwise GetPixel and other functions could trigger an
out of boundary read later on.
From Tobias Stoeckmann / X.Org security advisory Oct 4, 2016
2016-10-04 14:58:26 +00:00
matthieu
bd2560e2ec The validation of server responses avoids out of boundary accesses.
From Tobias Stoeckmann / Xorg Securiry adrvisory Oct 4, 2016.
2016-10-04 14:56:37 +00:00
okan
cdbe6c3bc9 Start simplifying menu code; and in turn, remove a cursor no longer
needed.
2016-10-03 18:43:49 +00:00
okan
6889482fc7 Defaults are split between defines and conf_init(); normalize these, as
well as give 'sticky' groups its own variable.
2016-10-03 14:42:34 +00:00
okan
dcdbf54e85 For both kb and mouse move, it is possible to grab a client and move it
completely off the screen/region; instead, if the pointer is outside of
the client bounds, warp the pointer to the closest edge before moving.
2016-10-03 13:52:17 +00:00
okan
3881d6ad85 client_ptrwarp should not deal with unhiding or raising clients (non ptr
requests); most callers do this already - deal with the few that do not.
client_ptrwarp becomes a simple wrapper (setpos) but it will be expanded.
2016-10-03 13:41:30 +00:00
matthieu
c542153d63 revert pixman-vmx.c to the version of pixman-0.32.8.
gcc 4.2 is not able to compile the new version.
XXX switch back to 0.34 once macppc switches to clang.
2016-10-03 06:57:44 +00:00
matthieu
1a97432a77 Fix ownership of fonts.dir and font.scale files as well as
fontconfig font caches.
mkfontdir and mkfontscale are now run out of font/alias at the end
of the build or install, like fc-cache.
fc-cache is using its -y (sysroot) flag that works if used correctly.
2016-10-02 20:55:09 +00:00
matthieu
400881a786 Fix ownership of /etc/fonts/conf.d/42-luxi-mono.conf link 2016-10-02 20:51:20 +00:00
matthieu
71be0511eb Fix installation of libXaw.so.15.0 link. 2016-10-02 19:11:16 +00:00
matthieu
8587a95e4f fix the ownership of the link /usr/X11R6/bin/X -> Xorg 2016-10-02 17:21:29 +00:00
matthieu
321b9b9f5f regen 2016-10-02 17:17:04 +00:00
matthieu
b0eedeca6e Handle the libXaw.so.xx.y symlink in afterinstall: in Makefile.bsd-wrapper
No more diffs with upstreams in autoconf files;
owneship of links for non-root/noperm installs is handled too.
2016-10-02 17:16:31 +00:00
matthieu
f086547c98 regen 2016-10-02 10:30:28 +00:00
matthieu
d9e10c2579 Remove local patch for platforms without shared libs 2016-10-02 10:30:06 +00:00
matthieu
99edbe0a23 Reduce diffs with upstreams 2016-10-02 10:00:36 +00:00
matthieu
836cc0eece regen 2016-10-02 09:36:26 +00:00
matthieu
245607701d Typo font.dir -> fonts.dir 2016-10-02 09:34:35 +00:00
tb
0ba6be2810 Explicitly set owner and group of the mouse(4) manpage symlink.
Needed for noperm release.

ok matthieu
2016-10-02 09:30:18 +00:00
tb
da27f01d12 Set owner and group of the XScreenSaver(3) manpage symlink.
Needed for noperm release.

ok matthieu
2016-10-02 09:28:53 +00:00
tb
d026ee755f Set owner and group of the mandoc.db, the xetcsum file for sysmerge
and of the app-defaults symlink.  Needed for noperm release.

ok matthieu
2016-10-02 09:25:23 +00:00
tb
2b5da2cd8d Explicitly set owner and group of the symlinks in etc/fonts/conf.d and
of the fonts.dir and fonts.scale indexes. Needed for noperm release.

ok matthieu
2016-10-02 09:23:26 +00:00
tb
c3666a91f0 chown -h symbolic links in conf.d. Needed for noperm release.
There are a few remaining symlinks that will be fixed later.

ok matthieu
2016-10-02 09:19:28 +00:00
tb
7112b55027 Explicitly set owners of the xorg.db locate(1) database and of the
xetc.tgz set for sysmerge.  Needed for noperm release.

ok matthieu
2016-10-02 09:16:22 +00:00
tb
c5b53bf9ac Explicitly set the owner of the shell scripts in etc/X11/xdm and of the
chooser and xdm binaries to BINOWN:BINGRP.  Needed for noperm release.

ok mathieu
2016-10-02 09:12:46 +00:00
matthieu
cb8938ecc4 Update to pixman 0.34.0. 2016-10-01 10:17:43 +00:00
okan
679d00b4fa remove unused proto 2016-09-30 21:44:51 +00:00
okan
5a1d71fd93 Set the initial ptr position during client init, instead of waiting
until (maybe) a ptrwarp call. Likewise, explicitly ensure an inbounds ptr
position (same as initial) when saving.
2016-09-30 20:55:54 +00:00
okan
54cccf114b Use instinsic X11 functions for key/btn/ptr grab/ungrab/regrab requests;
the one line wrappers provided no value and limited altering calls where
needed; additionally, most of them had but one caller.
2016-09-30 18:28:06 +00:00
okan
e49083a483 Replace mousefunc_sweep_draw() with a generic menu_windraw() using va
lists; use it appropriately for both window dimension and position in
the respective mousefunc calls.

ok bryent@
2016-09-30 15:12:19 +00:00
okan
e30959f62f Switch to XWindowEvent() pulling out events that match the mask *and*
window.
2016-09-30 15:05:02 +00:00
okan
035ba40ddc no need to unmap menu window again 2016-09-29 00:30:40 +00:00
okan
1b369f6063 Mechanical change: move screen menu bits to their own struct. 2016-09-29 00:21:55 +00:00
okan
b46a5b0b56 Inline Xft draw and extents wrappers; too much abstraction. 2016-09-28 17:06:33 +00:00
okan
7c35826ca9 Do not call sweep_draw() too early: don't yet have w/h dimensions; plus
we will get a MotionNotify event right away anyway, setting required
parameters.
2016-09-28 15:54:54 +00:00
matthieu
02593ff9e1 pixman: upstreams tarballs contain an empty ChangeLog.
So remove what we have here. Less gratuitous local changes.
2016-09-25 10:31:16 +00:00
matthieu
7c3e92162c update 2016-09-24 19:09:33 +00:00
matthieu
2638f19466 update 2016-09-23 07:15:30 +00:00
okan
374d386034 Continue merging kb and mouse functions: fold
mousefunc_menu_{client,cmd,group} into the respective
kbfunc_menu_{client,cmd,group} functions; simply pass a flag down from
config denoting mouse action behaviour.
2016-09-22 14:36:03 +00:00
okan
c1ac946076 Allow ctrl-[ for abort (esc); from Benjamin Scher Purcell 2016-09-20 19:58:54 +00:00
okan
489250a384 de-static client_inbound() 2016-09-20 19:11:19 +00:00
okan
47ecd2dcf9 remove debug that accidentally snuck in 2016-09-20 18:23:12 +00:00
okan
d9f512008b Get rid of curcc, instead cycle through the queue; removes the need for
client_none().
2016-09-20 18:21:32 +00:00
jca
cdd4bf21cb Make video -i work ootb.
video(1) uses mmap and ioctls by default, those ioctls only work on
video(4) devices.  If -i is passed, use read(2) instead of the mmap(2)
routines, instead of requiring the user to pass also pass the -g flag.
2016-09-16 20:29:03 +00:00