r1696 - in trunk: . libXfont xorg

dnicholson at linuxfromscratch.org dnicholson at linuxfromscratch.org
Wed Oct 11 14:03:36 PDT 2006


Author: dnicholson
Date: 2006-10-11 15:03:34 -0600 (Wed, 11 Oct 2006)
New Revision: 1696

Added:
   trunk/libXfont/
   trunk/libXfont/libXfont-1.1.0-cidfonts-1.patch
   trunk/xorg/libXfont-1.1.0-cidfonts-1.patch
   trunk/xorg/xorg-6.9.0-security-3.patch
Log:
Patches for Xorg Type1 CID fonts vulnerability


Added: trunk/libXfont/libXfont-1.1.0-cidfonts-1.patch
===================================================================
--- trunk/libXfont/libXfont-1.1.0-cidfonts-1.patch	                        (rev 0)
+++ trunk/libXfont/libXfont-1.1.0-cidfonts-1.patch	2006-10-11 21:03:34 UTC (rev 1696)
@@ -0,0 +1 @@
+link ../xorg/libXfont-1.1.0-cidfonts-1.patch
\ No newline at end of file


Property changes on: trunk/libXfont/libXfont-1.1.0-cidfonts-1.patch
___________________________________________________________________
Name: svn:special
   + *

Added: trunk/xorg/libXfont-1.1.0-cidfonts-1.patch
===================================================================
--- trunk/xorg/libXfont-1.1.0-cidfonts-1.patch	                        (rev 0)
+++ trunk/xorg/libXfont-1.1.0-cidfonts-1.patch	2006-10-11 21:03:34 UTC (rev 1696)
@@ -0,0 +1,94 @@
+Submitted By: Dan Nicholson <dnicholson at linuxfromscratch dot org>
+Date: 2006-10-11
+Initial Package Version: 1.1.0
+Origin: http://xorg.freedesktop.org/releases/X11R7.1/patches/
+Upstream Status: Applied
+Description: Fixes a security vulnerability. See the following advisory:
+    http://lists.freedesktop.org/archives/xorg/2006-September/018021.html
+
+diff -pNur libXfont-1.1.0.orig/src/Type1/afm.c libXfont-1.1.0/src/Type1/afm.c
+--- libXfont-1.1.0.orig/src/Type1/afm.c	2005-07-09 23:30:06.000000000 +0000
++++ libXfont-1.1.0/src/Type1/afm.c	2006-10-11 20:30:29.000000000 +0000
+@@ -37,6 +37,8 @@
+ #include <X11/fonts/fontmisc.h>			/* for xalloc/xfree */
+ #include "AFM.h"
+ 
++#include <limits.h>
++
+ #define PBUF 256
+ #define KBUF 20
+ 
+@@ -118,6 +120,11 @@ int CIDAFM(FILE *fd, FontInfo **pfi) {
+             
+             fi->nChars = atoi(p);
+ 
++	    if (fi->nChars < 0 || fi->nChars > INT_MAX / sizeof(Metrics)) {
++		xfree(afmbuf);
++		xfree(fi);
++		return(1);
++	    }
+             fi->metrics = (Metrics *)xalloc(fi->nChars * 
+                 sizeof(Metrics));
+             if (fi->metrics == NULL) {
+diff -pNur libXfont-1.1.0.orig/src/Type1/scanfont.c libXfont-1.1.0/src/Type1/scanfont.c
+--- libXfont-1.1.0.orig/src/Type1/scanfont.c	2005-07-09 23:30:06.000000000 +0000
++++ libXfont-1.1.0/src/Type1/scanfont.c	2006-10-11 20:30:29.000000000 +0000
+@@ -72,6 +72,8 @@
+ #include "spaces.h"
+ #include "fontfcn.h"
+ #include "blues.h"
++
++#include <limits.h>
+  
+ #if XFONT_CID
+ #define CID_BUFSIZE 80
+@@ -654,6 +656,7 @@ getFDArray(psobj *arrayP)
+   arrayP->data.valueP = tokenStartP;
+ 
+   /* allocate FDArray */
++  /* No integer overflow since arrayP->len is unsigned short */
+   FDArrayP = (psfont *)vm_alloc(arrayP->len*(sizeof(psfont)));
+   if (!(FDArrayP)) return(SCAN_OUT_OF_MEMORY);
+ 
+@@ -850,7 +853,8 @@ BuildSubrs(psfont *FontP)
+      }
+      return(SCAN_OK);
+    }
+- 
++   if (N > INT_MAX / sizeof(psobj)) 
++       return (SCAN_ERROR);
+    arrayP = (psobj *)vm_alloc(N*sizeof(psobj));
+    if (!(arrayP) ) return(SCAN_OUT_OF_MEMORY);
+    FontP->Subrs.len = N;
+@@ -911,7 +915,7 @@ BuildCharStrings(psfont *FontP)
+      }
+      else return(rc);  /* if next token was not an Int */
+    }
+-   if (N<=0) return(SCAN_ERROR);
++   if (N<=0 || N > INT_MAX / sizeof(psdict)) return(SCAN_ERROR);
+    /* save number of entries in the dictionary */
+  
+    dictP = (psdict *)vm_alloc((N+1)*sizeof(psdict));
+@@ -1719,6 +1723,10 @@ scan_cidfont(cidfont *CIDFontP, cmapres 
+     if (tokenType == TOKEN_INTEGER)
+       rangecnt = tokenValue.integer;
+ 
++    if (rangecnt < 0 || rangecnt > INT_MAX / sizeof(spacerangecode)) {
++	rc = SCAN_ERROR;
++	break;
++    }
+     /* ==> tokenLength, tokenTooLong, tokenType, and */
+     /* tokenValue are now set                        */
+ 
+diff -pNur libXfont-1.1.0.orig/src/Type1/util.c libXfont-1.1.0/src/Type1/util.c
+--- libXfont-1.1.0.orig/src/Type1/util.c	2005-07-09 23:30:07.000000000 +0000
++++ libXfont-1.1.0/src/Type1/util.c	2006-10-11 20:30:29.000000000 +0000
+@@ -104,7 +104,7 @@ vm_alloc(int bytes)
+   bytes = (bytes + 7) & ~7;
+  
+   /* Allocate the space, if it is available */
+-  if (bytes <= vm_free) {
++  if (bytes > 0 && bytes <= vm_free) {
+     answer = vm_next;
+     vm_free -= bytes;
+     vm_next += bytes;

Added: trunk/xorg/xorg-6.9.0-security-3.patch
===================================================================
--- trunk/xorg/xorg-6.9.0-security-3.patch	                        (rev 0)
+++ trunk/xorg/xorg-6.9.0-security-3.patch	2006-10-11 21:03:34 UTC (rev 1696)
@@ -0,0 +1,486 @@
+Submitted By: Dan Nicholson <dnicholson at linuxfromscratch dot org>
+Date: 2006-08-06
+Initial Package Version: 6.9.0
+Origin: http://xorg.freedesktop.org/releases/X11R6.9.0/patches/ and
+    http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commit;h=50a3e1ad18c815a5adafee22beccdf970bae62d6
+Upstream Status: Applied
+Description: Fixes 4 security vulnerabilities. See the following advisories:
+    http://lists.freedesktop.org/archives/xorg/2006-March/013992.html
+    http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
+    http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
+    http://lists.freedesktop.org/archives/xorg/2006-September/018021.html
+
+diff -pNur xc.orig/config/util/chownxterm.c xc/config/util/chownxterm.c
+--- xc.orig/config/util/chownxterm.c	2003-11-14 16:48:20.000000000 +0000
++++ xc/config/util/chownxterm.c	2006-10-11 20:51:04.000000000 +0000
+@@ -41,8 +41,10 @@ char *prog_name;
+ 
+ void help()
+ {
+-    setgid(getgid());
+-    setuid(getuid());
++    if (setgid(getgid()) == -1) 
++	exit(1);
++    if (setuid(getuid()) == -1)
++	exit(1);
+     printf("chown-xterm makes %s suid root\n", XTERM_PATH);
+     printf("This is necessary on Ultrix for /dev/tty operation.\n");
+     exit(0);
+@@ -51,8 +53,10 @@ void help()
+ void print_error(err_string)
+     char *err_string;
+ {
+-    setgid(getgid());
+-    setuid(getuid());
++    if (setgid(getgid()) == -1)
++	exit(1);
++    if (setuid(getuid()) == -1)
++	exit(1);
+     fprintf(stderr, "%s: \"%s\"", prog_name, err_string);
+     perror(" failed");
+     exit(1);
+diff -pNur xc.orig/lib/X11/lcFile.c xc/lib/X11/lcFile.c
+--- xc.orig/lib/X11/lcFile.c	2005-05-13 22:53:44.000000000 +0000
++++ xc/lib/X11/lcFile.c	2006-10-11 20:51:04.000000000 +0000
+@@ -269,7 +269,11 @@ xlocaledir(
+ 	    if (seteuid(0) != 0) {
+ 		priv = 0;
+ 	    } else {
+-		seteuid(oldeuid);
++		if (seteuid(oldeuid) == -1) {
++		    /* XXX ouch, coudn't get back to original uid 
++		     what can we do ??? */
++		    _exit(127);
++		}
+ 		priv = 1;
+ 	    }
+ #endif
+diff -pNur xc.orig/lib/font/Type1/afm.c xc/lib/font/Type1/afm.c
+--- xc.orig/lib/font/Type1/afm.c	2005-07-09 23:30:06.000000000 +0000
++++ xc/lib/font/Type1/afm.c	2006-10-11 20:51:39.000000000 +0000
+@@ -29,6 +29,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
++#include <limits.h>
+ #else
+ #include "Xmd.h"        /* For INT32 declaration */
+ #include "Xdefs.h"      /* For Bool */
+@@ -118,6 +119,11 @@ int CIDAFM(FILE *fd, FontInfo **pfi) {
+             
+             fi->nChars = atoi(p);
+ 
++	    if (fi->nChars < 0 || fi->nChars > INT_MAX / sizeof(Metrics)) {
++		xfree(afmbuf);
++		xfree(fi);
++		return(1);
++	    }
+             fi->metrics = (Metrics *)xalloc(fi->nChars * 
+                 sizeof(Metrics));
+             if (fi->metrics == NULL) {
+diff -pNur xc.orig/lib/font/Type1/scanfont.c xc/lib/font/Type1/scanfont.c
+--- xc.orig/lib/font/Type1/scanfont.c	2005-07-09 23:30:06.000000000 +0000
++++ xc/lib/font/Type1/scanfont.c	2006-10-11 20:51:39.000000000 +0000
+@@ -57,6 +57,7 @@
+ 
+ #ifndef FONTMODULE
+ #include <string.h>
++#include <limits.h>
+ #else
+ #include "Xdefs.h"	/* Bool declaration */
+ #include "Xmd.h"	/* INT32 declaration */
+@@ -654,6 +655,7 @@ getFDArray(psobj *arrayP)
+   arrayP->data.valueP = tokenStartP;
+ 
+   /* allocate FDArray */
++  /* No integer overflow since arrayP->len is unsigned short */
+   FDArrayP = (psfont *)vm_alloc(arrayP->len*(sizeof(psfont)));
+   if (!(FDArrayP)) return(SCAN_OUT_OF_MEMORY);
+ 
+@@ -850,7 +852,8 @@ BuildSubrs(psfont *FontP)
+      }
+      return(SCAN_OK);
+    }
+- 
++   if (N > INT_MAX / sizeof(psobj)) 
++       return (SCAN_ERROR);
+    arrayP = (psobj *)vm_alloc(N*sizeof(psobj));
+    if (!(arrayP) ) return(SCAN_OUT_OF_MEMORY);
+    FontP->Subrs.len = N;
+@@ -911,7 +914,7 @@ BuildCharStrings(psfont *FontP)
+      }
+      else return(rc);  /* if next token was not an Int */
+    }
+-   if (N<=0) return(SCAN_ERROR);
++   if (N<=0 || N > INT_MAX / sizeof(psdict)) return(SCAN_ERROR);
+    /* save number of entries in the dictionary */
+  
+    dictP = (psdict *)vm_alloc((N+1)*sizeof(psdict));
+@@ -1719,6 +1722,10 @@ scan_cidfont(cidfont *CIDFontP, cmapres 
+     if (tokenType == TOKEN_INTEGER)
+       rangecnt = tokenValue.integer;
+ 
++    if (rangecnt < 0 || rangecnt > INT_MAX / sizeof(spacerangecode)) {
++	rc = SCAN_ERROR;
++	break;
++    }
+     /* ==> tokenLength, tokenTooLong, tokenType, and */
+     /* tokenValue are now set                        */
+ 
+diff -pNur xc.orig/lib/font/Type1/util.c xc/lib/font/Type1/util.c
+--- xc.orig/lib/font/Type1/util.c	2005-07-09 23:30:07.000000000 +0000
++++ xc/lib/font/Type1/util.c	2006-10-11 20:51:39.000000000 +0000
+@@ -104,7 +104,7 @@ vm_alloc(int bytes)
+   bytes = (bytes + 7) & ~7;
+  
+   /* Allocate the space, if it is available */
+-  if (bytes <= vm_free) {
++  if (bytes > 0 && bytes <= vm_free) {
+     answer = vm_next;
+     vm_free -= bytes;
+     vm_next += bytes;
+diff -pNur xc.orig/lib/xtrans/Xtranslcl.c xc/lib/xtrans/Xtranslcl.c
+--- xc.orig/lib/xtrans/Xtranslcl.c	2005-11-08 06:33:26.000000000 +0000
++++ xc/lib/xtrans/Xtranslcl.c	2006-10-11 20:51:04.000000000 +0000
+@@ -360,7 +360,10 @@ TRANS(PTSOpenClient)(XtransConnInfo cipt
+ 	uid_t       saved_euid;
+ 
+ 	saved_euid = geteuid();
+-	setuid( getuid() ); /** sets the euid to the actual/real uid **/
++	/** sets the euid to the actual/real uid **/
++	if (setuid( getuid() ) == -1) {
++		exit(1);
++	}
+ 	if( chown( slave, saved_euid, -1 ) < 0 ) {
+ 		exit( 1 );
+ 		}
+@@ -369,7 +372,13 @@ TRANS(PTSOpenClient)(XtransConnInfo cipt
+     }
+ 
+     waitpid(saved_pid, &exitval, 0);
+-
++    if (WIFEXITED(exitval) && WEXITSTATUS(exitval) != 0) {
++	close(fd);
++	close(server);
++	PRMSG(1, "PTSOpenClient: cannot set the owner of %s\n",
++	      slave, 0, 0);
++	return(-1);
++    }
+     if (chmod(slave, 0666) < 0) {
+ 	close(fd);
+ 	close(server);
+diff -pNur xc.orig/programs/Xserver/hw/xfree86/common/xf86Init.c xc/programs/Xserver/hw/xfree86/common/xf86Init.c
+--- xc.orig/programs/Xserver/hw/xfree86/common/xf86Init.c	2005-12-14 20:12:00.000000000 +0000
++++ xc/programs/Xserver/hw/xfree86/common/xf86Init.c	2006-10-11 20:51:04.000000000 +0000
+@@ -1376,7 +1376,7 @@ ddxProcessArgument(int argc, char **argv
+     }
+   
+   /* First the options that are only allowed for root */
+-  if (getuid() == 0 || geteuid != 0)
++  if (getuid() == 0 || geteuid() != 0)
+   {
+     if (!strcmp(argv[i], "-modulepath"))
+     {
+@@ -1679,7 +1679,7 @@ ddxProcessArgument(int argc, char **argv
+   }
+   if (!strcmp(argv[i], "-configure"))
+   {
+-    if (getuid() != 0 && geteuid == 0) {
++    if (getuid() != 0 && geteuid() == 0) {
+ 	ErrorF("The '-configure' option can only be used by root.\n");
+ 	exit(1);
+     }
+@@ -1905,7 +1905,11 @@ xf86RunVtInit(void)
+           FatalError("xf86RunVtInit: fork failed (%s)\n", strerror(errno));
+           break;
+       case 0:  /* child */
+-          setuid(getuid());
++	  if (setuid(getuid()) == -1) {
++	      xf86Msg(X_ERROR, "xf86RunVtInit: setuid failed (%s)\n",
++			 strerror(errno));
++	      exit(255);
++	  }
+           /* set stdin, stdout to the consoleFd */
+           for (i = 0; i < 2; i++) {
+             if (xf86Info.consoleFd != i) {
+diff -pNur xc.orig/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c
+--- xc.orig/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c	2005-07-03 08:53:48.000000000 +0000
++++ xc/programs/Xserver/hw/xfree86/os-support/shared/libc_wrapper.c	2006-10-11 20:51:04.000000000 +0000
+@@ -1270,7 +1270,10 @@ xf86execl(const char *pathname, const ch
+ #ifndef SELF_CONTAINED_WRAPPER
+ 	xf86DisableIO();
+ #endif
+-        setuid(getuid());
++        if (setuid(getuid()) == -1) {
++		ErrorF("xf86Execl: setuid() failed: %s\n", strerror(errno));
++		exit(255);
++	}
+ #if !defined(SELF_CONTAINED_WRAPPER)
+         /* set stdin, stdout to the consoleFD, and leave stderr alone */
+         for (i = 0; i < 2; i++)
+diff -pNur xc.orig/programs/Xserver/hw/xfree86/parser/write.c xc/programs/Xserver/hw/xfree86/parser/write.c
+--- xc.orig/programs/Xserver/hw/xfree86/parser/write.c	2005-07-03 07:01:37.000000000 +0000
++++ xc/programs/Xserver/hw/xfree86/parser/write.c	2006-10-11 20:51:04.000000000 +0000
+@@ -170,7 +170,10 @@ xf86writeConfigFile (const char *filenam
+ 					strerror(errno));
+ 			return 0;
+ 		case 0: /* child */
+-			setuid(getuid());
++			if (setuid(getuid()) == -1) 
++			    FatalError("xf86writeConfigFile(): "
++				"setuid failed(%s)\n", 
++				strerror(errno));
+ 			ret = doWriteConfigFile(filename, cptr);
+ 			exit(ret);
+ 			break;
+diff -pNur xc.orig/programs/Xserver/os/utils.c xc/programs/Xserver/os/utils.c
+--- xc.orig/programs/Xserver/os/utils.c	2005-11-08 06:33:30.000000000 +0000
++++ xc/programs/Xserver/os/utils.c	2006-10-11 20:51:04.000000000 +0000
+@@ -1718,8 +1718,10 @@ System(char *command)
+     case -1:	/* error */
+ 	p = -1;
+     case 0:	/* child */
+-	setgid(getgid());
+-	setuid(getuid());
++	if (setgid(getgid()) == -1)
++	    _exit(127);
++	if (setuid(getuid()) == -1)
++	    _exit(127);
+ 	execl("/bin/sh", "sh", "-c", command, (char *)NULL);
+ 	_exit(127);
+     default:	/* parent */
+@@ -1770,8 +1772,10 @@ Popen(char *command, char *type)
+ 	xfree(cur);
+ 	return NULL;
+     case 0:	/* child */
+-	setgid(getgid());
+-	setuid(getuid());
++	if (setgid(getgid()) == -1)
++	    _exit(127);
++	if (setuid(getuid()) == -1)
++	    _exit(127);
+ 	if (*type == 'r') {
+ 	    if (pdes[1] != 1) {
+ 		/* stdout */
+@@ -1845,8 +1849,10 @@ Fopen(char *file, char *type)
+ 	xfree(cur);
+ 	return NULL;
+     case 0:	/* child */
+-	setgid(getgid());
+-	setuid(getuid());
++	if (setgid(getgid()) == -1)
++	    _exit(127);
++	if (setuid(getuid()) == -1)
++	    _exit(127);
+ 	if (*type == 'r') {
+ 	    if (pdes[1] != 1) {
+ 		/* stdout */
+diff -pNur xc.orig/programs/Xserver/render/mitri.c xc/programs/Xserver/render/mitri.c
+--- xc.orig/programs/Xserver/render/mitri.c	2005-07-03 07:02:08.000000000 +0000
++++ xc/programs/Xserver/render/mitri.c	2006-10-11 20:51:04.000000000 +0000
+@@ -145,7 +145,7 @@ miTriStrip (CARD8	    op,
+     if (npoint < 3)
+ 	return;
+     ntri = npoint - 2;
+-    tris = ALLOCATE_LOCAL (ntri & sizeof (xTriangle));
++    tris = ALLOCATE_LOCAL (ntri * sizeof (xTriangle));
+     if (!tris)
+ 	return;
+     for (tri = tris; npoint >= 3; npoint--, points++, tri++)
+@@ -177,7 +177,7 @@ miTriFan (CARD8		op,
+     if (npoint < 3)
+ 	return;
+     ntri = npoint - 2;
+-    tris = ALLOCATE_LOCAL (ntri & sizeof (xTriangle));
++    tris = ALLOCATE_LOCAL (ntri * sizeof (xTriangle));
+     if (!tris)
+ 	return;
+     first = points++;
+diff -pNur xc.orig/programs/xdm/session.c xc/programs/xdm/session.c
+--- xc.orig/programs/xdm/session.c	2005-11-08 06:33:31.000000000 +0000
++++ xc/programs/xdm/session.c	2006-10-11 20:51:04.000000000 +0000
+@@ -488,8 +488,14 @@ SessionExit (struct display *d, int stat
+     else
+ 	ResetServer (d);
+     if (removeAuth) {
+-	setgid (verify.gid);
+-	setuid (verify.uid);
++	if (setgid (verify.gid) == -1) {
++	    LogError( "SessionExit: setgid: %s\n", strerror(errno));
++	    exit(status);
++	}
++	if (setuid (verify.uid) == -1) {
++	    LogError( "SessionExit: setuid: %s\n", strerror(errno));
++	    exit(status);
++	}
+ 	RemoveUserAuthorization (d, &verify);
+ #ifdef K5AUTH
+ 	/* do like "kdestroy" program */
+diff -pNur xc.orig/programs/xdm/xdmshell.c xc/programs/xdm/xdmshell.c
+--- xc.orig/programs/xdm/xdmshell.c	2005-07-14 22:58:25.000000000 +0000
++++ xc/programs/xdm/xdmshell.c	2006-10-11 20:51:04.000000000 +0000
+@@ -183,7 +183,11 @@ main (
+ #endif
+ 
+     /* make xdm run in a non-setuid environment */
+-    setuid (geteuid());
++    if (setuid (geteuid()) == -1) {
++	fprintf(stderr, "%s: cannot setuid (error %d, %s)\r\n",
++		ProgramName, errno, strerror(errno));
++	exit(1);
++    }
+ 
+     /*
+      * exec /usr/bin/X11/xdm -nodaemon -udpPort 0
+diff -pNur xc.orig/programs/xf86dga/dga.c xc/programs/xf86dga/dga.c
+--- xc.orig/programs/xf86dga/dga.c	2004-04-23 19:54:47.000000000 +0000
++++ xc/programs/xf86dga/dga.c	2006-10-11 20:51:04.000000000 +0000
+@@ -16,6 +16,7 @@
+ #include <X11/Xmd.h>
+ #include <X11/extensions/xf86dga.h>
+ #include <ctype.h>
++#include <errno.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <signal.h>
+@@ -141,7 +142,10 @@ main(int argc, char *argv[])
+ 
+ #ifndef __UNIXOS2__
+    /* Give up root privs */
+-   setuid(getuid());
++   if (setuid(getuid()) == -1) {
++      fprintf(stderr, "Unable to change uid: %s\n", strerror(errno));
++      exit(2);
++   }
+ #endif
+ 
+    XF86DGASetViewPort(dis, DefaultScreen(dis), 0, 0);
+diff -pNur xc.orig/programs/xinit/xinit.c xc/programs/xinit/xinit.c
+--- xc.orig/programs/xinit/xinit.c	2005-10-04 01:27:34.000000000 +0000
++++ xc/programs/xinit/xinit.c	2006-10-11 20:51:04.000000000 +0000
+@@ -692,7 +692,10 @@ static int
+ startClient(char *client[])
+ {
+ 	if ((clientpid = vfork()) == 0) {
+-		setuid(getuid());
++		if (setuid(getuid()) == -1) {
++			Error("cannot change uid: %s\n", strerror(errno));
++			_exit(ERR_EXIT);
++		}
+ 		setpgrp(0, getpid());
+ 		environ = newenviron;
+ #ifdef __UNIXOS2__
+diff -pNur xc.orig/programs/xload/xload.c xc/programs/xload/xload.c
+--- xc.orig/programs/xload/xload.c	2004-04-23 19:54:57.000000000 +0000
++++ xc/programs/xload/xload.c	2006-10-11 20:51:04.000000000 +0000
+@@ -34,7 +34,7 @@ from the X Consortium.
+  * xload - display system load average in a window
+  */
+ 
+-
++#include <errno.h>
+ #include <stdio.h> 
+ #include <stdlib.h>
+ #include <unistd.h>
+@@ -162,8 +162,17 @@ main(int argc, char **argv)
+     /* For security reasons, we reset our uid/gid after doing the necessary
+        system initialization and before calling any X routines. */
+     InitLoadPoint();
+-    setgid(getgid());		/* reset gid first while still (maybe) root */
+-    setuid(getuid());
++    /* reset gid first while still (maybe) root */
++    if (setgid(getgid()) == -1) {
++	    fprintf(stderr, "%s: setgid failed: %s\n", 
++		ProgramName, strerror(errno));
++	    exit(1);
++    }
++    if (setuid(getuid()) == -1) {
++	    fprintf(stderr, "%s: setuid failed: %s\n", 
++		ProgramName, strerror(errno));
++	    exit(1);
++    }
+ 
+     XtSetLanguageProc(NULL, (XtLanguageProc) NULL, NULL);
+ 
+diff -pNur xc.orig/programs/xterm/main.c xc/programs/xterm/main.c
+--- xc.orig/programs/xterm/main.c	2005-12-14 23:28:27.000000000 +0000
++++ xc/programs/xterm/main.c	2006-10-11 20:51:04.000000000 +0000
+@@ -1592,8 +1592,10 @@ main(int argc, char *argv[]ENVP_ARG)
+     Window winToEmbedInto = None;
+ 
+ #ifdef DISABLE_SETUID
+-    seteuid(getuid());
+-    setuid(getuid());
++    if (seteuid(getuid()) == -1)
++	    exit(2);
++    if (setuid(getuid()) == -1)
++	    exit(2);
+ #endif
+ 
+     ProgramName = argv[0];
+@@ -1619,8 +1621,16 @@ main(int argc, char *argv[]ENVP_ARG)
+ 
+ #if defined(USE_UTMP_SETGID)
+     get_pty(NULL, NULL);
+-    seteuid(getuid());
+-    setuid(getuid());
++    if (seteuid(getuid()) == -1) {
++           fprintf(stderr,
++               "%s: unable to change back euid\n", ProgramName);
++           exit(1);
++    }
++    if (setuid(getuid()) == -1) {
++           fprintf(stderr,
++               "%s: unable to change back uid\n", ProgramName);
++           exit(1);
++    }
+ #define get_pty(pty, from) really_get_pty(pty, from)
+ #endif
+ 
+diff -pNur xc.orig/programs/xterm/misc.c xc/programs/xterm/misc.c
+--- xc.orig/programs/xterm/misc.c	2005-12-14 23:28:27.000000000 +0000
++++ xc/programs/xterm/misc.c	2006-10-11 20:51:04.000000000 +0000
+@@ -1094,8 +1094,10 @@ creat_as(uid_t uid, gid_t gid, Bool appe
+     pid = fork();
+     switch (pid) {
+     case 0:			/* child */
+-	setgid(gid);
+-	setuid(uid);
++	if (setgid(gid) == -1)
++	    _exit(ERROR_SETUID);
++	if (setuid(uid) == -1) 
++	    _exit(ERROR_SETUID);
+ 	fd = open(pathname,
+ 		  O_WRONLY | O_CREAT | (append ? O_APPEND : O_EXCL),
+ 		  mode);
+@@ -1262,8 +1264,10 @@ StartLog(TScreen * screen)
+ 	    signal(SIGCHLD, SIG_DFL);
+ 
+ 	    /* (this is redundant) */
+-	    setgid(screen->gid);
+-	    setuid(screen->uid);
++	    if (setgid(screen->gid) == -1)
++		exit(ERROR_SETUID);
++	    if (setuid(screen->uid) == -1)
++		exit(ERROR_SETUID);
+ 
+ 	    execl(shell, shell, "-c", &screen->logfile[1], (void *) 0);
+ 
+diff -pNur xc.orig/programs/xterm/print.c xc/programs/xterm/print.c
+--- xc.orig/programs/xterm/print.c	2005-08-05 16:13:04.000000000 +0000
++++ xc/programs/xterm/print.c	2006-10-11 20:51:04.000000000 +0000
+@@ -387,9 +387,11 @@ charToPrinter(int chr)
+ 		dup2(fileno(stderr), 2);
+ 		close(fileno(stderr));
+ 	    }
+-
+-	    setgid(screen->gid);	/* don't want privileges! */
+-	    setuid(screen->uid);
++	    /* don't want privileges! */
++	    if (setgid(screen->gid) == -1)
++		    exit(2);
++	    if (setuid(screen->uid) == -1)
++		    exit(2);
+ 
+ 	    Printer = popen(screen->printer_command, "w");
+ 	    input = fdopen(my_pipe[0], "r");




More information about the patches mailing list