frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(!1901) os: auth: protect against duplicate auth keys 

Protect the Add() proto funcs from adding duplicate auth keys.
If adding a duplicate is attempted, the XID of the already
existing one is returned instead.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
This commit is contained in:
Enrico Weigelt, metux IT consult 2025-03-10 14:46:32 +01:00
parent a901def824
commit 3aee9faba7
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
os/mitauth.c
View File

@ -51,6 +51,13 @@ MitAddCookie(unsigned short data_length, const char *data)
{ {
struct auth *new; struct auth *new;
// check for possible duplicate and return it instead
for (struct auth *walk=mit_auth; walk; walk=walk->next) {
if ((walk->len == data_length) &&
(memcmp(walk->data, data, data_length) == 0))
return walk->id;
}
new = malloc(sizeof(struct auth)); new = malloc(sizeof(struct auth));
if (!new) if (!new)
return 0; return 0;

8
os/xdmauth.c
View File

@ -354,6 +354,14 @@ XdmAddCookie(unsigned short data_length, const char *data)
/* the first octet of the key must be zero */ /* the first octet of the key must be zero */
if (key_bits[0] != '\0') if (key_bits[0] != '\0')
return 0; return 0;
/* check for possible duplicate and return it */
for (XdmAuthorizationRec *walk = xdmAuth; walk; walk=walk->next) {
if ((memcmp(walk->key.data, key_bits, 8)==0) &&
(memcmp(walk->rho.data, rho_bits, 8)==0))
return walk->id;
}
new = malloc(sizeof(XdmAuthorizationRec)); new = malloc(sizeof(XdmAuthorizationRec));
if (!new) if (!new)
return 0; return 0;