Bug#579033: Use of uninitialized clnt_ss in decode_packet

Maximiliano Curia maxy at debian.org
Thu Jul 29 13:04:22 UTC 2010


Hi,

I've been tracking down this bug and finally found an uninitialized usage of
clnt_ss on line 2891 of daemon/gdm-xdmcp-display-factory.c

The code tries to get the size of the struct based on the contents of it,
hence the weird behaviour of gdm trying to answer to an unreachable address.

The patch is quite simple:

--- debian/gdm3-2.30.2/daemon/gdm-xdmcp-display-factory.c	2010-07-29 09:50:12.000000000 -0300
+++ gdm3-2.30.2/daemon/gdm-xdmcp-display-factory.c	2010-07-29 09:55:58.000000000 -0300
@@ -2887,6 +2887,9 @@
                 return TRUE;
         }
 
+        /* s_len = (int)gdm_sockaddr_len (&clnt_ss); */
+        ss_len = sizeof(clnt_ss);
+
         res = XdmcpFill (factory->priv->socket_fd, &factory->priv->buf, (XdmcpNetaddr)&clnt_ss, &ss_len);
         if G_UNLIKELY (! res) {
                 g_debug ("GdmXdmcpDisplayFactory: Could not create XDMCP buffer!");
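Review bot: the commented-out line `/* s_len = (int)gdm_sockaddr_len (&clnt_ss); */` names `s_len`, while the variable assigned on the next line and passed to XdmcpFill is `ss_len`; either fix the name or drop the dead comment altogether, since the reason for the change belongs in the changelog, not in a stale line of code. On `ss_len = sizeof(clnt_ss);` itself: the line it replaces cast the result to `(int)`, so if `ss_len` is declared as `int` keep that cast (`ss_len = (int) sizeof (clnt_ss);`), which also avoids a size_t-to-int warning and matches the `XdmcpFill (` spacing style of the surrounding code. Finally, passing the full buffer size fixes the length, but XdmcpFill can still fill fewer bytes than offered or fail; it is worth confirming that `clnt_ss` is zeroed before this call so that a short or failed fill cannot leave stale address bytes that a later reply would be sent to.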

Anyway, gdm3 still doesn't work correctly with net.ipv6.bindv6only=1, with
that set only ipv6 queries are answered back.

Thanks,
-- 
: You are in a dark room with a compiler, emacs, an internet connection,
: and a thermos of coffee.
: Your move ?
Saludos /\/\ /\ >< `/
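To make the failure mode concrete, here is an added example that is not code from gdm or from the report above. It models, in plain C with no real socket, what happens when the address length handed to a recvfrom-style fill is derived from the family field of a struct that has not been filled yet. `family_based_len()` is a hypothetical stand-in for `gdm_sockaddr_len()` (assumed to switch on `ss_family`; the real implementation is not on the page), `fake_recvfrom()` is a constructed stand-in for the kernel side of `recvfrom()`/`XdmcpFill()` that follows the POSIX truncation rule (copy at most the offered length, then report the real one), and the client address 127.0.0.1:177 is constructed sample input.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical stand-in for gdm_sockaddr_len(): the length is derived from
 * the family field stored *inside* the struct, so it is only meaningful once
 * the struct has been filled by a previous call. (Assumption: GDM's helper
 * works this way; its real body is not on the page.) */
static socklen_t family_based_len(const struct sockaddr_storage *ss)
{
    switch (ss->ss_family) {
    case AF_INET:  return sizeof(struct sockaddr_in);
    case AF_INET6: return sizeof(struct sockaddr_in6);
    default:       return 0;   /* AF_UNSPEC or stale garbage: nothing usable */
    }
}

/* Constructed stand-in for recvfrom()/XdmcpFill(): copy at most *addrlen bytes
 * of the peer address into dst, then report the peer address's actual length.
 * This is the POSIX truncation rule; no real socket is involved. */
static void fake_recvfrom(const struct sockaddr_in *peer, void *dst, socklen_t *addrlen)
{
    socklen_t actual = sizeof(*peer);
    memcpy(dst, peer, *addrlen < actual ? *addrlen : actual);
    *addrlen = actual;
}

/* Constructed client: 127.0.0.1 port 177 (the XDMCP port). */
static void make_peer(struct sockaddr_in *peer)
{
    memset(peer, 0, sizeof(*peer));
    peer->sin_family = AF_INET;
    peer->sin_port = htons(177);
    peer->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
}

/* The port the daemon would reply to, or -1 if the filled address is unusable
 * (unknown family or a length too short for that family). */
static int reply_port(const struct sockaddr_storage *ss, socklen_t len)
{
    if (ss->ss_family == AF_INET && len >= sizeof(struct sockaddr_in))
        return ntohs(((const struct sockaddr_in *)ss)->sin_port);
    if (ss->ss_family == AF_INET6 && len >= sizeof(struct sockaddr_in6))
        return ntohs(((const struct sockaddr_in6 *)ss)->sin6_port);
    return -1;
}

/* Before the fix: ss_len comes from the uninitialized struct's own family
 * field. 0xAA bytes model stale stack contents. Returns -1: nothing was
 * copied, so the "client address" is still garbage. */
int reply_port_with_family_len(void)
{
    struct sockaddr_in peer;
    struct sockaddr_storage clnt_ss;
    socklen_t ss_len;

    make_peer(&peer);
    memset(&clnt_ss, 0xAA, sizeof(clnt_ss));      /* stale, never filled */
    ss_len = family_based_len(&clnt_ss);          /* family is garbage -> 0 */
    fake_recvfrom(&peer, &clnt_ss, &ss_len);      /* copies 0 bytes */
    /* ss_len now says 16, but clnt_ss was never written: reply goes nowhere */
    return reply_port(&clnt_ss, ss_len);
}

/* After the fix: offer the whole buffer, let the fill report the real length.
 * Returns 177, the real client port. */
int reply_port_with_sizeof_len(void)
{
    struct sockaddr_in peer;
    struct sockaddr_storage clnt_ss;
    socklen_t ss_len;

    make_peer(&peer);
    memset(&clnt_ss, 0xAA, sizeof(clnt_ss));      /* same stale contents */
    ss_len = sizeof(clnt_ss);                     /* what the patch does */
    fake_recvfrom(&peer, &clnt_ss, &ss_len);      /* copies the full address */
    return reply_port(&clnt_ss, ss_len);
}

int main(void)
{
    printf("length from uninitialized family field: reply port %d\n",
           reply_port_with_family_len());
    printf("length from sizeof(clnt_ss):             reply port %d\n",
           reply_port_with_sizeof_len());
    return 0;
}
```

The point the simulation makes is that the fill call does not fail in the buggy case: it simply copies nothing, reports the true length afterwards, and leaves whatever was on the stack in `clnt_ss`, which is exactly the "answer to an unreachable address" symptom. Zeroing `clnt_ss` before the call would turn the garbage into AF_UNSPEC, which is at least detectable, but only passing the full buffer size makes the address actually arrive.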

More information about the pkg-gnome-maintainers mailing list