fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-04-04 06:10:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/os
History
Alan Coopersmith f1365eb0ec unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091] 
authdes_ezdecode() calls malloc() using a length provided by the
connection handshake sent by a newly connected client in order
to authenticate to the server, so should be treated as untrusted.

It didn't check if malloc() failed before writing to the newly
allocated buffer, so could lead to a server crash if the server
fails to allocate memory (up to UINT16_MAX bytes, since the len
field is a CARD16 in the X protocol).

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 90cc925c59)
Signed-off-by: Julien Cristau <jcristau@debian.org>
2014-12-09 17:50:12 +01:00
..
.gitignore dix and os: gitignore dix.O and os.O 2011-09-23 17:14:47 -07:00
access.c Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
auth.c os: Clean up warnings 2014-01-12 10:14:49 -08:00
backtrace.c os: use a constant for backtrace array size 2013-11-01 09:39:53 +10:00
busfault.c os: Initialize the set of signals to be suppressed during our handler. 2014-04-21 22:05:00 -07:00
client.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
connection.c ListenOnOpenFD: Remove Resets since this is intended to be for hotplugging connections 2014-08-11 12:52:52 -07:00
io.c If EAGAIN == EWOULDBLOCK, only need to check errno for one of them 2014-01-22 11:30:27 -08:00
log.c os: prevent negative array index access (#80890) 2014-07-10 10:24:04 +10:00
Makefile.am Trap SIGBUS to handle truncated shared memory segments 2013-11-11 15:16:07 -08:00
mitauth.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
oscolor.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
osdep.h os: Hide the Connection{In,Out}put implementation details 2012-09-20 14:40:18 -04:00
osinit.c darwin: Don't leave stdin/stdout closed 2013-12-12 01:30:04 -08:00
rpcauth.c unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091] 2014-12-09 17:50:12 +01:00
strcasecmp.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strcasestr.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strlcat.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strlcpy.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strndup.c os: Ensure <dix-config.h> is included in strndup.c 2013-02-14 09:20:46 -08:00
utils.c os: Add -displayfd into -help text 2014-04-30 10:23:54 -07:00
WaitFor.c Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
xdmauth.c os: Fix -Wshadow errors 2014-01-22 19:56:31 -08:00
xdmcp.c os: Fix -Wshadow errors 2014-01-22 19:56:31 -08:00
xprintf.c os/xprintf: add Xvscnprintf and Xscnprintf 2012-05-03 14:59:23 +10:00
xsha1.c os: Add libnettle as a choice of SHA1 implementation 2012-11-05 13:34:18 -06:00
xstrans.c Clean up a couple of warnings in os/ 2013-10-31 16:58:12 -07:00