Bug #6213: Check geteuid's return value, not its address, otherwise

unprivileged users can set the modulepath and run arbitrary code. Patch
    from Matthieu Herrb. (CVE-2006-0745, Coverity #4)
Bump to 1.0.2.

ChangeLog

@@ -1,3 +1,13 @@
+2006-03-20  Adam Jackson  <ajax@freedesktop.org>
+
+	* hw/xfree86/common/xf86Init.c:
+	Bug #6213: Check geteuid's return value, not its address, otherwise
+	unprivileged users can set the modulepath and run arbitrary code.
+	Patch from Matthieu Herrb.  (CVE-2006-0745, Coverity #4)
+
+	* configure.ac:
+	Bump to 1.0.2.
+
 2006-03-16  Adam Jackson  <ajax@freedesktop.org>
 
 	* render/picture.c:

configure.ac

@@ -25,7 +25,7 @@ dnl Process this file with autoconf to create configure.
 AC_PREREQ(2.57)
 dnl This is the not the Xorg version number, it's the server version number.
 dnl Yes, that's weird.
-AC_INIT([xorg-server], 1.0.1, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
+AC_INIT([xorg-server], 1.0.2, [https://bugs.freedesktop.org/enter_bug.cgi?product=xorg], xorg-server)
 AC_CONFIG_SRCDIR([Makefile.am])
 AM_INIT_AUTOMAKE([dist-bzip2 foreign])
 AM_MAINTAINER_MODE

hw/xfree86/common/xf86Init.c

@@ -1,5 +1,5 @@
 /* $XFree86: xc/programs/Xserver/hw/xfree86/common/xf86Init.c,v 3.212 2004/01/27 01:31:45 dawes Exp $ */
-/* $XdotOrg: $ */
+/* $XdotOrg: xserver/xorg/hw/xfree86/common/xf86Init.c,v 1.29 2005/12/14 20:11:16 ajax Exp $ */
 
 /*
  * Loosely based on code bearing the following copyright:
@@ -1376,7 +1376,7 @@ ddxProcessArgument(int argc, char **argv, int i)
     }
   
   /* First the options that are only allowed for root */
-  if (getuid() == 0 || geteuid != 0)
+  if (getuid() == 0 || geteuid() != 0)
   {
     if (!strcmp(argv[i], "-modulepath"))
     {
@@ -1679,7 +1679,7 @@ ddxProcessArgument(int argc, char **argv, int i)
   }
   if (!strcmp(argv[i], "-configure"))
   {
-    if (getuid() != 0 && geteuid == 0) {
+    if (getuid() != 0 && geteuid() == 0) {
 	ErrorF("The '-configure' option can only be used by root.\n");
 	exit(1);
     }