$NetBSD: patch-aa,v 1.2 2023/09/11 21:18:49 vins Exp $

* Fix buffer overflows.
* Fix for handling missing auth token case.

--- gnuserv.c.orig	2007-10-20 22:33:25.000000000 +0000
+++ gnuserv.c
@@ -138,7 +138,7 @@ void
 ipc_init (struct msgbuf **msgpp)
 {
   key_t key;			/* messge key */
-  char buf[GSERV_BUFSZ];	/* pathname for key */
+  char buf[GSERV_BUFSZ+1];	/* pathname for key */
 
   sprintf (buf,"%s/gsrv%d",tmpdir,(int)geteuid ());
   creat (buf,0600);
@@ -175,7 +175,7 @@ void
 handle_ipc_request (struct msgbuf *msgp)
 {
   struct msqid_ds msg_st;	/* message status */
-  char buf[GSERV_BUFSZ];
+  char buf[GSERV_BUFSZ+1];
   int len;			/* length of message / read */
   int s, result_len;            /* tag fields on the response from emacs */
   int offset = 0;
@@ -622,7 +622,17 @@ setup_table (void)
 				   sizeof(host_addr), (char *)&host_addr,
 				   strlen(MCOOKIE_SCREEN), MCOOKIE_SCREEN,
 				   strlen(MCOOKIE_X_NAME), MCOOKIE_X_NAME);
-  hosts++;
+
+  if (server_xauth)
+    {
+      if (server_xauth->data)
+        hosts++;
+      else
+	{
+	  XauDisposeAuth (server_xauth);
+	  server_xauth = NULL;
+	}
+    }
 
 #endif /* AUTH_MAGIC_COOKIE */
 
@@ -795,7 +805,7 @@ unix_init (void)
 	     + strlen (server.sun_path) + 1);
   server.sun_len = bindlen;
 #else
-  bindlen = strlen (server.sun_path) + sizeof (server.sun_family);
+  bindlen = strlen (server.sun_path) + 1 + sizeof (server.sun_family);
 #endif
 
   if (bind(ls,(struct sockaddr *)&server,bindlen) < 0)
