xserver/xfixes
Olivier Fourdan 909ae27768 xfixes: Check request length for SetClientDisconnectMode
The handler of XFixesSetClientDisconnectMode does not check the client
request length.

A client could send a shorter request and read data from a former
request.

Fix the issue by checking the request size matches.

CVE-2025-49177

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Fixes: e167299f6 - xfixes: Add ClientDisconnectMode
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit ab02fb96b1)

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2025>
2025-06-17 15:06:09 +02:00
cursor.c xfixes: Fix out of bounds access in *ProcXFixesCreatePointerBarrier() 2021-12-15 10:41:19 +02:00
disconnect.c xfixes: Check request length for SetClientDisconnectMode 2025-06-17 15:06:09 +02:00
Makefile.am xfixes: Add ClientDisconnectMode 2021-06-07 17:28:05 +02:00
meson.build xfixes: Add ClientDisconnectMode 2021-06-07 17:28:05 +02:00
region.c xfixes: unvalidated lengths (CVE-2017-12183) 2017-10-10 23:33:44 +02:00
saveset.c xfixes: unvalidated lengths (CVE-2017-12183) 2017-10-10 23:33:44 +02:00
select.c dispatch: Mark swapped dispatch as _X_COLD 2017-03-01 10:16:20 -05:00
xfixes.c XFixes: add version check for byteswapped clients 2021-08-06 11:12:40 -04:00
xfixes.h xfixes: Unexport xfixes.h 2015-07-08 16:40:58 -04:00
xfixesint.h xfixes: Allow the client to upgrade the fixes protocol version 2021-07-01 19:18:19 +00:00