gdm/gdm-2.99.0-fix-invalid-read.patch

    Pass size of socket address to gdm_address_new_from_sockaddr_storage
    While sockaddr_storage is big enough to hold most socket address types,
    we can't assume all socket address types will be as big as sockaddr_storage.
    This means when copying a sockaddr, we need to know its size.

--- gdm-2.99.0/common/gdm-address.c.fix-invalid-read
+++ gdm-2.99.0/common/gdm-address.c
@@ -92,14 +92,18 @@ gdm_address_get_family_type (GdmAddress *address)
  * or %NULL if @sa was invalid or the address family isn't supported.
  **/
 GdmAddress *
-gdm_address_new_from_sockaddr_storage (struct sockaddr_storage *ss)
+gdm_address_new_from_sockaddr_storage (struct sockaddr_storage *ss,
+                                       size_t                   size)
 {
         GdmAddress *addr;
 
         g_return_val_if_fail (ss != NULL, NULL);
+        g_return_val_if_fail (size >= sizeof (struct sockaddr), NULL);
+        g_return_val_if_fail (size <= sizeof (struct sockaddr_storage), NULL);
 
         addr = g_new0 (GdmAddress, 1);
-        addr->ss = g_memdup (ss, sizeof (struct sockaddr_storage));
+        addr->ss = g_new0 (struct sockaddr_storage, 1);
+        memcpy (addr->ss, ss, size);
 
         return addr;
 }
@@ -315,7 +319,8 @@ gdm_address_peek_local_list (void)
         for (res = result; res != NULL; res = res->ai_next) {
                 GdmAddress *address;
 
-                address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)res->ai_addr);
+                address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)res->ai_addr,
+                                                                 res->ai_addrlen);
                 the_list = g_list_append (the_list, address);
         }
 
--- gdm-2.99.0/common/gdm-address.h.fix-invalid-read
+++ gdm-2.99.0/common/gdm-address.h
@@ -40,7 +40,8 @@ typedef struct _GdmAddress GdmAddress;
 
 GType                    gdm_address_get_type                  (void);
 
-GdmAddress *             gdm_address_new_from_sockaddr_storage (struct sockaddr_storage *ss);
+GdmAddress *             gdm_address_new_from_sockaddr_storage (struct sockaddr_storage *ss,
+                                                                size_t                   size);
 
 int                      gdm_address_get_family_type           (GdmAddress              *address);
 struct sockaddr_storage *gdm_address_get_sockaddr_storage      (GdmAddress              *address);
--- gdm-2.99.0/daemon/gdm-xdmcp-display-factory.c.fix-invalid-read
+++ gdm-2.99.0/daemon/gdm-xdmcp-display-factory.c
@@ -446,7 +446,8 @@ do_bind (guint                     port,
                         char       *serv;
                         GdmAddress *addr;
 
-                        addr = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr);
+                        addr = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr,
+                                                                      ai->ai_addrlen);
 
                         host = NULL;
                         serv = NULL;
@@ -1356,7 +1357,8 @@ create_address_from_request (ARRAY8      *req_addr,
         if (ai != NULL) {
                 found = TRUE;
                 if (address != NULL) {
-                        *address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr);
+                        *address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr,
+                                                                          ai->ai_addrlen);
                 }
         }
 
@@ -2629,7 +2631,8 @@ decode_packet (GIOChannel             *source,
                 return TRUE;
         }
 
-        address = gdm_address_new_from_sockaddr_storage (&clnt_ss);
+        address = gdm_address_new_from_sockaddr_storage (&clnt_ss,
+                                                         ss_len);
         if (address == NULL) {
                 g_warning (_("XMDCP: Unable to parse address"));
                 return TRUE;
--- gdm-2.99.0/gui/simple-chooser/gdm-host-chooser-widget.c.fix-invalid-read
+++ gdm-2.99.0/gui/simple-chooser/gdm-host-chooser-widget.c
@@ -237,7 +237,8 @@ decode_packet (GIOChannel           *source,
                 return TRUE;
         }
 
-        address = gdm_address_new_from_sockaddr_storage (&clnt_ss);
+        address = gdm_address_new_from_sockaddr_storage (&clnt_ss,
+                                                         ss_len);
         if (address == NULL) {
                 g_warning (_("XMDCP: Unable to parse address"));
                 return TRUE;
@@ -462,7 +463,8 @@ find_broadcast_addresses (GdmHostChooserWidget *widget)
 
                         g_memmove (&sin, &ifreq.ifr_broadaddr, sizeof (struct sockaddr_in));
                         sin.sin_port = htons (XDM_UDP_PORT);
-                        address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)&sin);
+                        address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)&sin,
+                                                                         sizeof (struct sockaddr_in));
                         if (address != NULL) {
                                 g_debug ("Adding if %s", name);
                                 gdm_address_debug (address);
@@ -518,7 +520,8 @@ add_hosts (GdmHostChooserWidget *widget)
                 for (ai = result; ai != NULL; ai = ai->ai_next) {
                         GdmAddress *address;
 
-                        address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr);
+                        address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr,
+                                                                         ai->ai_addrlen);
                         if (address != NULL) {
                                 widget->priv->query_addresses = g_slist_append (widget->priv->query_addresses, address);
                         }
- Add a snapshot from the mccann-gobject branch, totally different unfinished ui... 2007-10-14 03:08:47 +00:00			`Pass size of socket address to gdm_address_new_from_sockaddr_storage`
			`While sockaddr_storage is big enough to hold most socket address types,`
			`we can't assume all socket address types will be as big as sockaddr_storage.`
			`This means when copying a sockaddr, we need to know its size.`

			`--- gdm-2.99.0/common/gdm-address.c.fix-invalid-read`
			`+++ gdm-2.99.0/common/gdm-address.c`
			`@@ -92,14 +92,18 @@ gdm_address_get_family_type (GdmAddress *address)`
			`* or %NULL if @sa was invalid or the address family isn't supported.`
			`**/`
			`GdmAddress *`
			`-gdm_address_new_from_sockaddr_storage (struct sockaddr_storage *ss)`
			`+gdm_address_new_from_sockaddr_storage (struct sockaddr_storage *ss,`
			`+ size_t size)`
			`{`
			`GdmAddress *addr;`

			`g_return_val_if_fail (ss != NULL, NULL);`
			`+ g_return_val_if_fail (size >= sizeof (struct sockaddr), NULL);`
			`+ g_return_val_if_fail (size <= sizeof (struct sockaddr_storage), NULL);`

			`addr = g_new0 (GdmAddress, 1);`
			`- addr->ss = g_memdup (ss, sizeof (struct sockaddr_storage));`
			`+ addr->ss = g_new0 (struct sockaddr_storage, 1);`
			`+ memcpy (addr->ss, ss, size);`

			`return addr;`
			`}`
			`@@ -315,7 +319,8 @@ gdm_address_peek_local_list (void)`
			`for (res = result; res != NULL; res = res->ai_next) {`
			`GdmAddress *address;`

			`- address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)res->ai_addr);`
			`+ address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)res->ai_addr,`
			`+ res->ai_addrlen);`
			`the_list = g_list_append (the_list, address);`
			`}`

			`--- gdm-2.99.0/common/gdm-address.h.fix-invalid-read`
			`+++ gdm-2.99.0/common/gdm-address.h`
			`@@ -40,7 +40,8 @@ typedef struct _GdmAddress GdmAddress;`

			`GType gdm_address_get_type (void);`

			`-GdmAddress * gdm_address_new_from_sockaddr_storage (struct sockaddr_storage *ss);`
			`+GdmAddress * gdm_address_new_from_sockaddr_storage (struct sockaddr_storage *ss,`
			`+ size_t size);`

			`int gdm_address_get_family_type (GdmAddress *address);`
			`struct sockaddr_storage gdm_address_get_sockaddr_storage (GdmAddress address);`
			`--- gdm-2.99.0/daemon/gdm-xdmcp-display-factory.c.fix-invalid-read`
			`+++ gdm-2.99.0/daemon/gdm-xdmcp-display-factory.c`
			`@@ -446,7 +446,8 @@ do_bind (guint port,`
			`char *serv;`
			`GdmAddress *addr;`

			`- addr = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr);`
			`+ addr = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr,`
			`+ ai->ai_addrlen);`

			`host = NULL;`
			`serv = NULL;`
			`@@ -1356,7 +1357,8 @@ create_address_from_request (ARRAY8 *req_addr,`
			`if (ai != NULL) {`
			`found = TRUE;`
			`if (address != NULL) {`
			`- address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage )ai->ai_addr);`
			`+ address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage )ai->ai_addr,`
			`+ ai->ai_addrlen);`
			`}`
			`}`

			`@@ -2629,7 +2631,8 @@ decode_packet (GIOChannel *source,`
			`return TRUE;`
			`}`

			`- address = gdm_address_new_from_sockaddr_storage (&clnt_ss);`
			`+ address = gdm_address_new_from_sockaddr_storage (&clnt_ss,`
			`+ ss_len);`
			`if (address == NULL) {`
			`g_warning (_("XMDCP: Unable to parse address"));`
			`return TRUE;`
			`--- gdm-2.99.0/gui/simple-chooser/gdm-host-chooser-widget.c.fix-invalid-read`
			`+++ gdm-2.99.0/gui/simple-chooser/gdm-host-chooser-widget.c`
			`@@ -237,7 +237,8 @@ decode_packet (GIOChannel *source,`
			`return TRUE;`
			`}`

			`- address = gdm_address_new_from_sockaddr_storage (&clnt_ss);`
			`+ address = gdm_address_new_from_sockaddr_storage (&clnt_ss,`
			`+ ss_len);`
			`if (address == NULL) {`
			`g_warning (_("XMDCP: Unable to parse address"));`
			`return TRUE;`
			`@@ -462,7 +463,8 @@ find_broadcast_addresses (GdmHostChooserWidget *widget)`

			`g_memmove (&sin, &ifreq.ifr_broadaddr, sizeof (struct sockaddr_in));`
			`sin.sin_port = htons (XDM_UDP_PORT);`
			`- address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)&sin);`
			`+ address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)&sin,`
			`+ sizeof (struct sockaddr_in));`
			`if (address != NULL) {`
			`g_debug ("Adding if %s", name);`
			`gdm_address_debug (address);`
			`@@ -518,7 +520,8 @@ add_hosts (GdmHostChooserWidget *widget)`
			`for (ai = result; ai != NULL; ai = ai->ai_next) {`
			`GdmAddress *address;`

			`- address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr);`
			`+ address = gdm_address_new_from_sockaddr_storage ((struct sockaddr_storage *)ai->ai_addr,`
			`+ ai->ai_addrlen);`
			`if (address != NULL) {`
			`widget->priv->query_addresses = g_slist_append (widget->priv->query_addresses, address);`
			`}`