Synopsis: Fixes buffer overruns in xterm and Xaw library NetBSD versions: 1.3, 1.3.1. Thanks to: XFree86 Project. Reported by XFree86 Project. Index: lib/Xaw/XawIm.c =================================================================== RCS file: /cvsroot/xsrc/xc/lib/Xaw/XawIm.c,v retrieving revision 1.1.1.2 diff -c -r1.1.1.2 XawIm.c *** XawIm.c 1997/06/30 12:41:01 1.1.1.2 --- XawIm.c 1998/05/06 06:51:50 *************** *** 53,58 **** --- 53,59 ---- in this Software without prior written authorization from the X Consortium. */ + /* $XFree86: xc/lib/Xaw/XawIm.c,v 1.1.1.4.2.1 1998/05/01 04:02:42 dawes Exp $ */ #include #include *************** *** 452,458 **** } else { for (i = 0; i < ve->im.im_list_num; i++) { strcpy(modifiers, "@im="); ! strcat(modifiers, ve->im.im_list[i]); if ((p = XSetLocaleModifiers(modifiers)) != NULL && *p && (xim = XOpenIM(XtDisplay(ve->parent), NULL, NULL, NULL)) != NULL) break; --- 453,459 ---- } else { for (i = 0; i < ve->im.im_list_num; i++) { strcpy(modifiers, "@im="); ! strncat(modifiers, ve->im.im_list[i], sizeof(modifiers) - 5/*strlen("@im=")*/); if ((p = XSetLocaleModifiers(modifiers)) != NULL && *p && (xim = XOpenIM(XtDisplay(ve->parent), NULL, NULL, NULL)) != NULL) break; *************** *** 1354,1360 **** strcpy(s, p); save_s = s; ! while(1) { list[i] = s; ss = index(s, ','); if (!ss) { --- 1355,1361 ---- strcpy(s, p); save_s = s; ! while(i < (sizeof(list) / sizeof(list[0]))) { list[i] = s; ss = index(s, ','); if (!ss) { *************** *** 1645,1654 **** if ((vw = SearchVendorShell(inwidg)) && (ve = GetExtPart(vw)) && ve->im.xim && (p = GetIcTableShared(inwidg, ve)) && p->xic) { ! return(XwcLookupString(p->xic, event, buffer_return, bytes_buffer, keysym_return, status_return)); } ! ret = XLookupString( event, tmp_buf, 64, keysym_return, (XComposeStatus*) status_return ); for ( i = 0, tmp_p = tmp_buf, buf_p = buffer_return; i < ret; i++ ) { *buf_p++ = _Xaw_atowc(*tmp_p++); --- 1646,1655 ---- if ((vw = SearchVendorShell(inwidg)) && (ve = GetExtPart(vw)) && ve->im.xim && (p = GetIcTableShared(inwidg, ve)) && p->xic) { ! return(XwcLookupString(p->xic, event, buffer_return, bytes_buffer/sizeof(wchar_t), keysym_return, status_return)); } ! ret = XLookupString( event, tmp_buf, sizeof(tmp_buf), keysym_return, (XComposeStatus*) status_return ); for ( i = 0, tmp_p = tmp_buf, buf_p = buffer_return; i < ret; i++ ) { *buf_p++ = _Xaw_atowc(*tmp_p++); Index: programs/xterm/Tekproc.c =================================================================== RCS file: /cvsroot/xsrc/xc/programs/xterm/Tekproc.c,v retrieving revision 1.1.1.2 diff -c -r1.1.1.2 Tekproc.c *** Tekproc.c 1997/06/30 14:03:06 1.1.1.2 --- Tekproc.c 1998/05/06 06:52:35 *************** *** 74,79 **** --- 74,82 ---- #include #include #include + + #include "xterm.h" + #include "Tekparse.h" #include "data.h" #include "error.h" *************** *** 1724,1731 **** --- 1727,1736 ---- #ifndef X_NOT_POSIX + #ifndef linux #define HAS_WAITPID #endif + #endif #ifdef HAS_WAITPID #include *************** *** 1743,1749 **** int pid; #ifndef HAS_WAITPID int waited; ! int (*chldfunc)(); chldfunc = signal(SIGCHLD, SIG_DFL); #endif --- 1748,1754 ---- int pid; #ifndef HAS_WAITPID int waited; ! SIGNAL_T (*chldfunc) PROTO((int n)); chldfunc = signal(SIGCHLD, SIG_DFL); #endif Index: programs/xterm/charproc.c =================================================================== RCS file: /cvsroot/xsrc/xc/programs/xterm/charproc.c,v retrieving revision 1.1.1.3 diff -c -r1.1.1.3 charproc.c *** charproc.c 1997/08/20 06:28:08 1.1.1.3 --- charproc.c 1998/05/06 06:52:35 *************** *** 3774,3780 **** *s, *ns, *end, - tmp[1024], buf[32]; XIM xim = (XIM) NULL; XIMStyles *xim_styles; --- 3774,3779 ---- *************** *** 3789,3805 **** if ((p = XSetLocaleModifiers("@im=none")) != NULL && *p) xim = XOpenIM(XtDisplay(term), NULL, NULL, NULL); } else { ! strcpy(tmp, term->misc.input_method); ! for(ns=s=tmp; ns && *s;) { while (*s && isspace(*s)) s++; if (!*s) break; if ((ns = end = strchr(s, ',')) == 0) end = s + strlen(s); while (isspace(*end)) end--; - *end = '\0'; strcpy(buf, "@im="); ! strcat(buf, s); if ((p = XSetLocaleModifiers(buf)) != NULL && *p && (xim = XOpenIM(XtDisplay(term), NULL, NULL, NULL)) != NULL) break; --- 3788,3805 ---- if ((p = XSetLocaleModifiers("@im=none")) != NULL && *p) xim = XOpenIM(XtDisplay(term), NULL, NULL, NULL); } else { ! for(ns=s=term->misc.input_method; ns && *s;) { while (*s && isspace(*s)) s++; if (!*s) break; if ((ns = end = strchr(s, ',')) == 0) end = s + strlen(s); while (isspace(*end)) end--; strcpy(buf, "@im="); ! if (end - (s + (sizeof(buf) - 5)) > 0) ! end = s + (sizeof(buf) - 5); ! strncat(buf, s, end - s); ! if ((p = XSetLocaleModifiers(buf)) != NULL && *p && (xim = XOpenIM(XtDisplay(term), NULL, NULL, NULL)) != NULL) break; *************** *** 3824,3831 **** } found = False; ! strcpy(tmp, term->misc.preedit_type); ! for(s = tmp; s && !found;) { while (*s && isspace(*s)) s++; if (!*s) break; if ((ns = end = strchr(s, ',')) != 0) --- 3824,3830 ---- } found = False; ! for(s = term->misc.preedit_type; s && !found;) { while (*s && isspace(*s)) s++; if (!*s) break; if ((ns = end = strchr(s, ',')) != 0) *************** *** 3833,3845 **** else end = s + strlen(s); while (isspace(*end)) end--; - *end = '\0'; ! if (!strcmp(s, "OverTheSpot")) { input_style = (XIMPreeditPosition | XIMStatusArea); ! } else if (!strcmp(s, "OffTheSpot")) { input_style = (XIMPreeditArea | XIMStatusArea); ! } else if (!strcmp(s, "Root")) { input_style = (XIMPreeditNothing | XIMStatusNothing); } for (i = 0; (unsigned short)i < xim_styles->count_styles; i++) --- 3832,3843 ---- else end = s + strlen(s); while (isspace(*end)) end--; ! if (!strncmp(s, "OverTheSpot", end - s)) { input_style = (XIMPreeditPosition | XIMStatusArea); ! } else if (!strncmp(s, "OffTheSpot", end - s)) { input_style = (XIMPreeditArea | XIMStatusArea); ! } else if (!strncmp(s, "Root", end - s)) { input_style = (XIMPreeditNothing | XIMStatusNothing); } for (i = 0; (unsigned short)i < xim_styles->count_styles; i++) *************** *** 4372,4378 **** XtOverrideTranslations(w, original); return; } ! (void) sprintf( mapName, "%sKeymap", params[0] ); (void) strcpy( mapClass, mapName ); if (islower(mapClass[0])) mapClass[0] = toupper(mapClass[0]); XtGetSubresources( w, (XtPointer)&keymap, mapName, mapClass, --- 4370,4376 ---- XtOverrideTranslations(w, original); return; } ! (void) sprintf( mapName, "%.*sKeymap", (int)sizeof(mapName) - 10, params[0] ); (void) strcpy( mapClass, mapName ); if (islower(mapClass[0])) mapClass[0] = toupper(mapClass[0]); XtGetSubresources( w, (XtPointer)&keymap, mapName, mapClass, *************** *** 4790,4796 **** * not be set before the widget's realized, so it's tested separately). */ if(screen->colorMode) { ! if (TextWindow(screen) != 0 && (cc != bg)) { /* we might have a colored foreground/background later */ xgcv.font = screen->fnt_norm->fid; mask = (GCForeground | GCBackground | GCFont); --- 4788,4794 ---- * not be set before the widget's realized, so it's tested separately). */ if(screen->colorMode) { ! if (TextWindow(screen) != 0 && (cc != bg) && (cc != fg)) { /* we might have a colored foreground/background later */ xgcv.font = screen->fnt_norm->fid; mask = (GCForeground | GCBackground | GCFont); Index: programs/xterm/main.c =================================================================== RCS file: /cvsroot/xsrc/xc/programs/xterm/main.c,v retrieving revision 1.1.1.3 diff -c -r1.1.1.3 main.c *** main.c 1997/08/20 06:28:15 1.1.1.3 --- main.c 1998/05/06 06:52:35 *************** *** 3467,3473 **** int i, n, ncap; errstat err; struct caplist *cl; ! char buf[64], numbuf[12]; struct caplist *capvnew; int ttythread(); int xwatchdogthread(); --- 3467,3473 ---- int i, n, ncap; errstat err; struct caplist *cl; ! char buf[64]; struct caplist *capvnew; int ttythread(); int xwatchdogthread(); Index: programs/xterm/misc.c =================================================================== RCS file: /cvsroot/xsrc/xc/programs/xterm/misc.c,v retrieving revision 1.1.1.2 diff -c -r1.1.1.2 misc.c *** misc.c 1997/06/30 14:03:25 1.1.1.2 --- misc.c 1998/05/06 06:52:35 *************** *** 48,60 **** #include #include #include "VTparse.h" #include "data.h" #include "error.h" #include "menu.h" - #include "xterm.h" - #if XtSpecificationRelease < 6 #ifndef X_GETTIMEOFDAY #define X_GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *)0) --- 48,60 ---- #include #include + #include "xterm.h" + #include "VTparse.h" #include "data.h" #include "error.h" #include "menu.h" #if XtSpecificationRelease < 6 #ifndef X_GETTIMEOFDAY #define X_GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *)0) *************** *** 515,521 **** --- 515,523 ---- #if defined(ALLOWLOGGING) || defined(DEBUG) #ifndef X_NOT_POSIX + #ifndef linux #define HAS_WAITPID + #endif #endif /*