Backport of SVN r1097263 to fix Solaris compilation with [CVE-2010-0436]

git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdebase@1117290 283d02a7-25f6-0310-bc7c-ecb5cbfe19da

kcontrol/randr/krandrtray.cpp

@@ -74,8 +74,10 @@ KRandRSystemTray::KRandRSystemTray(QWidget* parent, const char *name)
 
 	randr_display = XOpenDisplay(NULL);
 
-	last_known_x = currentScreen()->currentPixelWidth();
+	if (isValid() == true) {
-	last_known_y = currentScreen()->currentPixelHeight();
+		last_known_x = currentScreen()->currentPixelWidth();
+		last_known_y = currentScreen()->currentPixelHeight();
+	}
 }
 
 void KRandRSystemTray::mousePressEvent(QMouseEvent* e)

kdm/backend/auth.c

@@ -227,6 +227,21 @@ fdOpenW( int fd )
 	return 0;
 }
 
+static FILE *
+mkTempFile( char *nambuf, int namelen )
+{
+	FILE *f;
+	int r;
+
+	for (r = 0; r < 100; r++) {
+		randomStr( nambuf + namelen );
+		if ((f = fdOpenW( open( nambuf, O_WRONLY | O_CREAT | O_EXCL, 0600 ) )))
+			return f;
+		if (errno != EEXIST)
+			break;
+	}
+	return 0;
+}
 
 #define NAMELEN 255
 
@@ -234,9 +249,7 @@ static FILE *
 MakeServerAuthFile( struct display *d )
 {
 	FILE *f;
-#ifndef HAVE_MKSTEMP
+	int i;
-	int r;
-#endif
 	char cleanname[NAMELEN], nambuf[NAMELEN+128];
 
 	/*
@@ -248,22 +261,11 @@ MakeServerAuthFile( struct display *d )
 	if (mkdir( authDir, 0755 ) < 0  &&  errno != EEXIST)
 		return 0;
 	CleanUpFileName( d->name, cleanname, NAMELEN - 8 );
-#ifdef HAVE_MKSTEMP
+	i = sprintf( nambuf, "%s/A%s-", authDir, cleanname );
-	sprintf( nambuf, "%s/A%s-XXXXXX", authDir, cleanname );
+	if ((f = mkTempFile( nambuf, i ))) {
-	if ((f = fdOpenW( mkstemp( nambuf ) ))) {
 		StrDup( &d->authFile, nambuf );
 		return f;
 	}
-#else
-	for (r = 0; r < 100; r++) {
-		sprintf( nambuf, "%s/A%s-XXXXXX", authDir, cleanname );
-		(void)mktemp( nambuf );
-		if ((f = fdOpenW( open( nambuf, O_WRONLY | O_CREAT | O_EXCL, 0600 ) ))) {
-			StrDup( &d->authFile, nambuf );
-			return f;
-		}
-	}
-#endif
 	return 0;
 }
 
@@ -1131,19 +1133,8 @@ SetUserAuthorization( struct display *d )
 			 * temporary - we can assume, that we are the only ones
 			 * knowing about this file anyway.
 			 */
-#ifdef HAVE_MKSTEMP
+			i = sprintf( name_buf, "%s/.Xauth", d->userAuthDir );
-			sprintf( name_buf, "%s/.XauthXXXXXX", d->userAuthDir );
+			new = mkTempFile( name_buf, i );
-			new = fdOpenW( mkstemp( name_buf ) );
-#else
-			for (i = 0; i < 100; i++) {
-				sprintf( name_buf, "%s/.XauthXXXXXX", d->userAuthDir );
-				(void)mktemp( name_buf );
-				if ((new =
-				     fdOpenW( open( name_buf, O_WRONLY | O_CREAT | O_EXCL,
-				                    0600 ) )))
-					break;
-			}
-#endif
 			if (!new) {
 				LogError( "Can't create authorization file in %s\n",
 				          d->userAuthDir );

kdm/backend/dm.h

@@ -542,6 +542,7 @@ const char *localHostname( void );
 int Reader( int fd, void *buf, int len );
 int Writer( int fd, const void *buf, int len );
 int fGets( char *buf, int max, FILE *f );
+void randomStr( char *s );
 time_t mTime( const char *fn );
 void ListSessions( int flags, struct display *d, void *ctx,
                    void (*emitXSess)( struct display *, struct display *, void * ),

kdm/backend/dm_auth.h

@@ -96,4 +96,10 @@ void AddOtherEntropy( void );
 void AddTimerEntropy( void );
 #endif
 
+#ifdef HAVE_ARC4RANDOM
+# define secureRandom() arc4random()
+#else
+int secureRandom( void );
+#endif
+
 #endif /* _DM_AUTH_H_ */

kdm/backend/genauth.c

@@ -488,3 +488,13 @@ GenerateAuthData( char *auth, int len )
 # endif
 #endif
 }
+
+#ifndef HAVE_ARC4RANDOM
+int
+secureRandom( void )
+{
+	int rslt;
+	GenerateAuthData( (char *)&rslt, sizeof(int) );
+	return rslt & 0x7fffffff;
+}
+#endif

kdm/backend/util.c

@@ -35,6 +35,7 @@ from the copyright holder.
  */
 
 #include "dm.h"
+#include "dm_auth.h"
 #include "dm_error.h"
 
 #include <string.h>
@@ -519,6 +520,20 @@ mTime( const char *fn )
 		return st.st_mtime;
 }
 
+void
+randomStr( char *s )
+{
+	static const char letters[] =
+		"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+	unsigned i, rn = secureRandom();
+
+	for (i = 0; i < 6; i++) {
+		*s++ = letters[rn % 62];
+		rn /= 62;
+	}
+	*s = 0;
+}
+
 static int
 StrNChrCnt( const char *s, int slen, char c )
 {