--- gdm-2.0beta2/daemon/xdmcp.c.security2 Tue May 9 11:50:41 2000
+++ gdm-2.0beta2/daemon/xdmcp.c Tue May 9 12:11:44 2000
@@ -393,12 +393,15 @@
 /* Read display port */
 if (! XdmcpReadARRAY8 (&buf, &clnt_port)) {
+ XdmcpDisposeARRAYofARRAY8 (&clnt_addr);
 gdm_error (_("gdm_xdmcp_handle_forward_query: Could not read display port number"));
 return;
 }
 /* Extract array of authentication names from Xdmcp packet */
 if (! XdmcpReadARRAYofARRAY8 (&buf, &clnt_authlist)) {
+ XdmcpDisposeARRAYofARRAY8 (&clnt_addr);
+ XdmcpDisposeARRAYofARRAY8 (&clnt_port);
 gdm_error (_("gdm_xdmcp_handle_forward_query: Could not extract authlist from packet"));
 return;
 }
@@ -415,7 +418,7 @@
 if (len != explen) {
 gdm_error (_("gdm_xdmcp_handle_forward_query: Error in checksum"));
- return;
+ goto out;
 }
 /* Find client port number */
@@ -423,7 +426,7 @@
 port = port*256+clnt_port.data[i];
 /* Find client address. Ugly, ugly. Endianness sucks... */
- memmove (&ia.s_addr, clnt_addr.data, clnt_addr.length);
+ memmove (&ia.s_addr, clnt_addr.data, MIN(clnt_addr.length, sizeof(ia.s_addr)));
 gdm_debug ("gdm_xdmcp_handle_forward_query: Got FORWARD_QUERY from display: %s, port %d", inet_ntoa (ia), port);
@@ -434,14 +437,18 @@
 disp_sa->sin_port = htons (port);
 disp_sa->sin_addr.s_addr = ia.s_addr;
- /* Cleanup */
- XdmcpDisposeARRAYofARRAY8 (&clnt_authlist);
- /* Check with tcp_wrappers if display is allowed to access */
 if (gdm_xdmcp_host_allow (disp_sa)) gdm_xdmcp_send_willing (disp_sa);
 else gdm_xdmcp_send_unwilling (disp_sa, FORWARD_QUERY);
+
+ out:
+ g_free(disp_sa);
+ /* Cleanup */
+ XdmcpDisposeARRAYofARRAY8 (&clnt_authlist);
+ XdmcpDisposeARRAYofARRAY8 (&clnt_port);
+ XdmcpDisposeARRAYofARRAY8 (&clnt_addr);
 }
@@ -468,7 +475,6 @@
 XdmcpFlush (xdmcpfd, &buf, clnt_sa, sizeof (struct sockaddr_in));
 }
- static void gdm_xdmcp_send_unwilling (struct sockaddr_in *clnt_sa, gint type) {
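Review bot: `clnt_port` is filled by `XdmcpReadARRAY8` just above, yet the new error paths release it with `XdmcpDisposeARRAYofARRAY8`, and `clnt_addr`, which the later `memmove` treats as a flat byte buffer, gets the same call. The array-of-arrays disposer walks `length` elements as ARRAY8 structs and frees each element's `data`, so on a flat buffer it would pass packet-derived bytes to the allocator as pointers. Assuming both are declared ARRAY8 (the declarations are outside this hunk), the calls should be `XdmcpDisposeARRAY8 (&clnt_addr);` and `XdmcpDisposeARRAY8 (&clnt_port);`; only `clnt_authlist` is read as an ARRAYofARRAY8. The same mismatch recurs in the `out:` cleanup of the @@ -434 hunk.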
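Review bot: `goto out;` on the checksum failure lands on `g_free(disp_sa);` in the @@ -434 hunk, but nothing visible shows `disp_sa` being allocated or set to NULL before this check. If the allocation happens after the length comparison (the body between the hunks is not shown), this path frees an indeterminate pointer. Initialising the declaration, `struct sockaddr_in *disp_sa = NULL;`, makes the shared exit safe, since `g_free` accepts NULL.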
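Review bot: Clamping with `MIN(clnt_addr.length, sizeof(ia.s_addr))` stops the overrun, but a FORWARD_QUERY whose address field is not exactly four bytes is still accepted. With a shorter field the remaining bytes of `ia.s_addr` keep whatever they held (no initialisation of `ia` is visible here), and that value is logged and then, in the @@ -434 hunk, copied into `disp_sa` for the `gdm_xdmcp_host_allow` decision. Rejecting the packet is tighter than truncating it: `if (clnt_addr.length != sizeof (ia.s_addr)) goto out;` ahead of the `memmove`, with a `gdm_error` line like the other failures, provided `disp_sa` is NULL at that point.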
@@ -496,13 +502,13 @@
 static void gdm_xdmcp_handle_request (struct sockaddr_in *clnt_sa, gint len) {
- static CARD16 clnt_dspnum;
- static ARRAY16 clnt_conntyp;
- static ARRAYofARRAY8 clnt_addr;
- static ARRAY8 clnt_authname;
- static ARRAY8 clnt_authdata;
- static ARRAYofARRAY8 clnt_authorization;
- static ARRAY8 clnt_manufacturer;
+ CARD16 clnt_dspnum;
+ ARRAY16 clnt_conntyp;
+ ARRAYofARRAY8 clnt_addr;
+ ARRAY8 clnt_authname;
+ ARRAY8 clnt_authdata;
+ ARRAYofARRAY8 clnt_authorization;
+ ARRAY8 clnt_manufacturer;
 gint explen;
 gint i;
 gboolean mitauth = FALSE;
@@ -593,6 +599,13 @@
 gdm_xdmcp_send_accept (clnt_sa, clnt_dspnum);
 else gdm_xdmcp_send_decline (clnt_sa);
+
+ XdmcpDisposeARRAY8 (&clnt_authname);
+ XdmcpDisposeARRAY8 (&clnt_authdata);
+ XdmcpDisposeARRAY8 (&clnt_manufacturer);
+ XdmcpDisposeARRAYofARRAY8 (&clnt_addr);
+ XdmcpDisposeARRAYofARRAY8 (&clnt_authorization);
+ XdmcpDisposeARRAY16 (&clnt_conntyp);
 }
@@ -753,6 +766,8 @@
 gdm_debug ("gdm_xdmcp_handle_manage: Failed to look up session id %d", clnt_sessid);
 gdm_xdmcp_send_refuse (clnt_sa, clnt_sessid);
 }
+
+ XdmcpDisposeARRAY8(&clnt_dspclass);
 }
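Review bot: Dropping `static` also drops the implicit zero-initialisation, so `clnt_authname`, `clnt_addr` and the other array structs now start with indeterminate `length` and `data`. The dispose calls added at the end of the function (@@ -593 hunk) are only well defined if every struct was filled by a successful read first, and those reads sit between the hunks where they cannot be checked. Initialising at the declaration, e.g. `ARRAY8 clnt_authname = { 0, NULL };` and likewise for the ARRAY16 and ARRAYofARRAY8 locals, keeps any cleanup path safe. The function body continues past the end of this hunk.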
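Review bot: These six dispose calls run only when control reaches the closing brace, so any `return` taken on a failed read earlier in `gdm_xdmcp_handle_request` would skip them and leak whatever had already been read from the request; that part of the body is outside the hunk, so this needs checking against the full function. Because the handler runs per received datagram, such a leak would let repeated malformed requests grow the daemon's memory. A single exit label, as the forward-query handler now has with `out:`, would cover those paths, with the early returns turned into `goto out;`.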
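Review bot: `XdmcpDisposeARRAY8(&clnt_dspclass);` omits the space before the parenthesis that the other calls in this patch use; write `XdmcpDisposeARRAY8 (&clnt_dspclass);`. Whether earlier exits from `gdm_xdmcp_handle_manage` also release `clnt_dspclass` cannot be seen here, since the function starts outside the hunk.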