From e1315e22db1854cc90081d132ebfbb27d4d4bb0c Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult" <info@metux.net>
Date: Mon, 25 Aug 2025 17:03:59 +0200
Subject: [PATCH] Xext: security: use x_rpcbuf_t for reply payload assembly

Use x_rpcbuf_t for reply payload and X_SEND_REPLY_WITH_RPCBUF()
for sending it all out.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 Xext/security.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

diff --git a/Xext/security.c b/Xext/security.c
index 1cc198097f..b27eab310c 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -403,7 +403,6 @@ ProcSecurityGenerateAuthorization(ClientPtr client)
     Bool removeAuth = FALSE;    /* if bailout, call RemoveAuthorization? */
     int err;                    /* error to return from this function */
     XID authId;                 /* authorization ID assigned by os layer */
-    xSecurityGenerateAuthorizationReply reply;    /* reply struct */
     unsigned int trustLevel;    /* trust level of new auth */
     XID group;                  /* group of new auth */
     CARD32 timeout;             /* timeout of new auth */
@@ -533,31 +532,26 @@ ProcSecurityGenerateAuthorization(ClientPtr client)
 
     /* tell client the auth id and data */
 
-    reply = (xSecurityGenerateAuthorizationReply) {
-        .type = X_Reply,
-        .sequenceNumber = client->sequence,
-        .length = bytes_to_int32(authdata_len),
+    x_rpcbuf_t rpcbuf = { .swapped = client->swapped, .err_clear = TRUE };
+    x_rpcbuf_write_binary_pad(&rpcbuf, pAuthdata, authdata_len);
+
+    xSecurityGenerateAuthorizationReply reply = {
         .authId = authId,
         .dataLength = authdata_len
     };
 
     if (client->swapped) {
-        swapl(&reply.length);
-        swaps(&reply.sequenceNumber);
         swapl(&reply.authId);
         swaps(&reply.dataLength);
     }
 
-    WriteToClient(client, SIZEOF(xSecurityGenerateAuthorizationReply), &reply);
-    WriteToClient(client, authdata_len, pAuthdata);
-
     SecurityAudit
         ("client %d generated authorization %lu trust %d timeout %lu group %lu events %lu\n",
          client->index, (unsigned long)pAuth->id, pAuth->trustLevel, (unsigned long)pAuth->timeout,
          (unsigned long)pAuth->group, (unsigned long)eventMask);
 
     /* the request succeeded; don't call RemoveAuthorization or free pAuth */
-    return Success;
+    return X_SEND_REPLY_WITH_RPCBUF(client, reply, rpcbuf);
 
  bailout:
     if (removeAuth)