fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-05-17 07:48:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/os
History
Matthieu Herrb 3394ae378d Fix CVE-2011-4028: File disclosure vulnerability. 
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file.

Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 6ba44b91e3)
(cherry picked from commit f80d233578)
2011-10-21 20:43:19 +02:00
..
access.c Don't crash when asked if a client that has disconnected was local 2010-08-21 14:01:10 -07:00
auth.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
backtrace.c os: don't redefine GNU_SOURCE 2009-09-04 12:51:02 +10:00
connection.c XQuartz: Fix possible NULL dereference in ListenOnOpenFD 2010-04-15 14:13:22 -07:00
io.c os: Return BadLength instead of disconnecting BigReq clients (#4565) 2010-09-30 16:23:13 -07:00
log.c os: don't malloc memory in LogVMessageVerb. 2009-04-19 22:20:18 +10:00
Makefile.am Add platform tests for Dtrace linker magic 2009-10-07 17:24:03 -07:00
mitauth.c Remove a bunch of useless casts. 2009-01-22 02:11:16 -05:00
oscolor.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
osdep.h os: Return BadLength instead of disconnecting BigReq clients (#4565) 2010-09-30 16:23:13 -07:00
osinit.c linux: Yet more malloc() avoidance for backtrace() 2009-08-20 15:43:55 -04:00
rpcauth.c Remove a bunch of useless casts. 2009-01-22 02:11:16 -05:00
strcasecmp.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
strcasestr.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
strlcat.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
strlcpy.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
utils.c Fix CVE-2011-4028: File disclosure vulnerability. 2011-10-21 20:43:19 +02:00
WaitFor.c Update to xextproto 7.0.99.1. 2009-07-15 17:00:05 +10:00
xdmauth.c Remove a bunch of useless casts. 2009-01-22 02:11:16 -05:00
xdmcp.c xdmcp: Don't crash on X -query with more than 255 IP addresses. (#20675) 2009-04-14 10:57:19 -04:00
xprintf.c Rework symbol visibility for easier maintenance 2008-12-03 05:43:34 -02:00
xstrans.c Change HAVE_CONFIG_H to HAVE_DIX_CONFIG_H. 2005-07-03 12:16:29 +00:00