From 35e8a37b173990e75b965669aead7749b0dcb017 Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult" <info@metux.net>
Date: Thu, 4 Jul 2024 01:22:50 +0200
Subject: [PATCH] Xext: security: use REQUEST_HEAD_STRUCT and REQUEST_FIELD_*
 macros

Use the new macros to make request struct parsing / field swapping
much easier.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 Xext/security.c | 102 ++++++++++++++----------------------------------
 1 file changed, 30 insertions(+), 72 deletions(-)

diff --git a/Xext/security.c b/Xext/security.c
index 3194e7309..c6ed29f1b 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -32,6 +32,7 @@ in this Software without prior written authorization from The Open Group.
 
 #include "dix/dix_priv.h"
 #include "dix/registry_priv.h"
+#include "dix/request_priv.h"
 #include "dix/resource_priv.h"
 #include "include/extinit_priv.h"
 #include "os/audit.h"
@@ -348,7 +349,10 @@ SecurityStartAuthorizationTimer(SecurityAuthorizationPtr pAuth)
 static int
 ProcSecurityQueryVersion(ClientPtr client)
 {
-    /* REQUEST(xSecurityQueryVersionReq); */
+    REQUEST_HEAD_STRUCT(xSecurityQueryVersionReq);
+    REQUEST_FIELD_CARD16(majorVersion);
+    REQUEST_FIELD_CARD16(minorVersion);
+
     xSecurityQueryVersionReply rep = {
         .type = X_Reply,
         .sequenceNumber = client->sequence,
@@ -357,8 +361,6 @@ ProcSecurityQueryVersion(ClientPtr client)
         .minorVersion = SERVER_SECURITY_MINOR_VERSION
     };
 
-    REQUEST_SIZE_MATCH(xSecurityQueryVersionReq);
-
     if (client->swapped) {
         swaps(&rep.sequenceNumber);
         swaps(&rep.majorVersion);
@@ -403,7 +405,25 @@ SecurityEventSelectForAuthorization(SecurityAuthorizationPtr pAuth,
 static int
 ProcSecurityGenerateAuthorization(ClientPtr client)
 {
-    REQUEST(xSecurityGenerateAuthorizationReq);
+    REQUEST_HEAD_AT_LEAST(xSecurityGenerateAuthorizationReq);
+    REQUEST_FIELD_CARD16(nbytesAuthProto);
+    REQUEST_FIELD_CARD16(nbytesAuthData);
+    REQUEST_FIELD_CARD32(valueMask);
+
+    int values_offset = bytes_to_int32(stuff->nbytesAuthProto) +
+            bytes_to_int32(stuff->nbytesAuthData);
+
+    if (values_offset > stuff->length - bytes_to_int32(sz_xSecurityGenerateAuthorizationReq))
+        return BadLength;
+
+    CARD32 *values = (CARD32 *) (&stuff[1]) + values_offset;
+
+    if (client->swapped) {
+        unsigned long nvalues;
+        nvalues = (((CARD32 *) stuff) + stuff->length) - values;
+        SwapLongs(values, nvalues);
+    }
+
     int len;                    /* request length in CARD32s */
     Bool removeAuth = FALSE;    /* if bailout, call RemoveAuthorization? */
     int err;                    /* error to return from this function */
@@ -412,7 +432,6 @@ ProcSecurityGenerateAuthorization(ClientPtr client)
     unsigned int trustLevel;    /* trust level of new auth */
     XID group;                  /* group of new auth */
     CARD32 timeout;             /* timeout of new auth */
-    CARD32 *values;             /* list of supplied attributes */
     char *protoname;            /* auth proto name sent in request */
     char *protodata;            /* auth proto data sent in request */
     unsigned int authdata_len;  /* # bytes of generated auth data */
@@ -421,11 +440,8 @@ ProcSecurityGenerateAuthorization(ClientPtr client)
 
     /* check request length */
 
-    REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq);
-    len = bytes_to_int32(SIZEOF(xSecurityGenerateAuthorizationReq));
-    len += bytes_to_int32(stuff->nbytesAuthProto);
-    len += bytes_to_int32(stuff->nbytesAuthData);
-    values = ((CARD32 *) stuff) + len;
+    len = bytes_to_int32(sizeof(xSecurityGenerateAuthorizationReq))
+        + values_offset;
     len += Ones(stuff->valueMask);
     if (client->req_len != len)
         return BadLength;
@@ -576,12 +592,12 @@ ProcSecurityGenerateAuthorization(ClientPtr client)
 static int
 ProcSecurityRevokeAuthorization(ClientPtr client)
 {
-    REQUEST(xSecurityRevokeAuthorizationReq);
+    REQUEST_HEAD_STRUCT(xSecurityRevokeAuthorizationReq);
+    REQUEST_FIELD_CARD32(authId);
+
     SecurityAuthorizationPtr pAuth;
     int rc;
 
-    REQUEST_SIZE_MATCH(xSecurityRevokeAuthorizationReq);
-
     rc = dixLookupResourceByType((void **) &pAuth, stuff->authId,
                                  SecurityAuthorizationResType, client,
                                  DixDestroyAccess);
@@ -609,64 +625,6 @@ ProcSecurityDispatch(ClientPtr client)
     }
 }                               /* ProcSecurityDispatch */
 
-static int _X_COLD
-SProcSecurityQueryVersion(ClientPtr client)
-{
-    REQUEST(xSecurityQueryVersionReq);
-    REQUEST_SIZE_MATCH(xSecurityQueryVersionReq);
-    swaps(&stuff->majorVersion);
-    swaps(&stuff->minorVersion);
-    return ProcSecurityQueryVersion(client);
-}                               /* SProcSecurityQueryVersion */
-
-static int _X_COLD
-SProcSecurityGenerateAuthorization(ClientPtr client)
-{
-    REQUEST(xSecurityGenerateAuthorizationReq);
-    CARD32 *values;
-    unsigned long nvalues;
-    int values_offset;
-    REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq);
-    swaps(&stuff->nbytesAuthProto);
-    swaps(&stuff->nbytesAuthData);
-    swapl(&stuff->valueMask);
-    values_offset = bytes_to_int32(stuff->nbytesAuthProto) +
-        bytes_to_int32(stuff->nbytesAuthData);
-    if (values_offset >
-        client->req_len - bytes_to_int32(sz_xSecurityGenerateAuthorizationReq))
-        return BadLength;
-    values = (CARD32 *) (&stuff[1]) + values_offset;
-    nvalues = (((CARD32 *) stuff) + client->req_len) - values;
-    SwapLongs(values, nvalues);
-    return ProcSecurityGenerateAuthorization(client);
-}                               /* SProcSecurityGenerateAuthorization */
-
-static int _X_COLD
-SProcSecurityRevokeAuthorization(ClientPtr client)
-{
-    REQUEST(xSecurityRevokeAuthorizationReq);
-    REQUEST_SIZE_MATCH(xSecurityRevokeAuthorizationReq);
-    swapl(&stuff->authId);
-    return ProcSecurityRevokeAuthorization(client);
-}                               /* SProcSecurityRevokeAuthorization */
-
-static int _X_COLD
-SProcSecurityDispatch(ClientPtr client)
-{
-    REQUEST(xReq);
-
-    switch (stuff->data) {
-    case X_SecurityQueryVersion:
-        return SProcSecurityQueryVersion(client);
-    case X_SecurityGenerateAuthorization:
-        return SProcSecurityGenerateAuthorization(client);
-    case X_SecurityRevokeAuthorization:
-        return SProcSecurityRevokeAuthorization(client);
-    default:
-        return BadRequest;
-    }
-}                               /* SProcSecurityDispatch */
-
 static void _X_COLD
 SwapSecurityAuthorizationRevokedEvent(xSecurityAuthorizationRevokedEvent * from,
                                       xSecurityAuthorizationRevokedEvent * to)
@@ -1078,7 +1036,7 @@ SecurityExtensionInit(void)
     /* Add extension to server */
     extEntry = AddExtension(SECURITY_EXTENSION_NAME,
                             XSecurityNumberEvents, XSecurityNumberErrors,
-                            ProcSecurityDispatch, SProcSecurityDispatch,
+                            ProcSecurityDispatch, ProcSecurityDispatch,
                             SecurityResetProc, StandardMinorOpcode);
 
     SecurityErrorBase = extEntry->errorBase;