$OpenBSD: patch-src_init_c,v 1.3 2008/05/14 08:27:42 jasper Exp $ --- src/init.c.orig Wed May 14 10:18:05 2008 +++ src/init.c Wed May 14 10:21:24 2008 @@ -1030,38 +1030,40 @@ rxvt_init_resources(rxvt_t* r, int argc, const char *c /* * Open display, get options/resources and create the window */ - if (IS_NULL(rs[Rs_display_name] = getenv("DISPLAY"))) - rs[Rs_display_name] = ":0"; rxvt_get_options( r, r_argc, r_argv ); rxvt_free( r_argv ); /* XXX memory leak? */ #ifdef LOCAL_X_IS_UNIX if( rs[Rs_display_name][0] == ':' ) + /* + * 2008-04-29 gi1242: Force UNIX sockets for security (Gentoo Bug #219750) + */ + if( IS_NULL( rs[Rs_display_name] ) ) + rs[Rs_display_name] = getenv( "DISPLAY" ); + + if( rs[Rs_display_name] && rs[Rs_display_name][0] == ':' ) { - int l = 5 + STRLEN(rs[Rs_display_name]); + char *val; + int l = 5 + STRLEN(rs[Rs_display_name]); if (l <= 0 || l > 1024) /* possible integer overflow */ l = 1024; + val = rxvt_malloc(l); - STRCPY(val, "unix"); - STRNCAT(val, rs[Rs_display_name], l-5); - val[l-1] = (char) 0; - rxvt_msg (DBG_INFO, DBG_INIT, "Open X display %s\n", val); - r->Xdisplay = XOpenDisplay(val); - rxvt_free(val); + STRCPY( val, "unix"); + STRNCAT( val, rs[Rs_display_name], l-5); + + rs[Rs_display_name] = val; } -#endif +#endif /* LOCAL_X_IS_UNIX */ - if (IS_NULL(r->Xdisplay)) + rxvt_msg( DBG_INFO, DBG_INIT, "Open X display %s\n", rs[Rs_display_name] ); + r->Xdisplay = XOpenDisplay( rs[Rs_display_name] ); + if( IS_NULL(r->Xdisplay) ) { - rxvt_msg (DBG_INFO, DBG_INIT, "Open X display %s\n", - rs[Rs_display_name] ? rs[Rs_display_name] : "nil"); - r->Xdisplay = XOpenDisplay( rs[Rs_display_name] ); - if (IS_NULL(r->Xdisplay)) - { - rxvt_msg (DBG_ERROR, DBG_INIT, "can't open display %s", rs[Rs_display_name] ); - exit( EXIT_FAILURE ); - } + rxvt_msg( DBG_ERROR, DBG_INIT, "Error opening display %s\n", + rs[Rs_display_name] ); + exit( EXIT_FAILURE ); }