xserver/xkb
Olivier Fourdan bfbb53e0b9 xkb: Fix buffer overflow in XkbVModMaskText()
The code in XkbVModMaskText() allocates a fixed sized buffer on the
stack and copies the virtual mod name.

There are actually two issues in the code that can lead to a buffer
overflow.

First, the bound check mixes pointers and integers using misplaced
parentheses, defeating the bound check.

But even so, if the check fails, the data is still copied, so the
stack overflow will occur regardless.

Change the logic to skip the copy entirely if the bound check fails.

CVE-2025-26595, ZDI-CAN-25545

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 11fcda8753)

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1831>
2025-02-25 19:38:11 +01:00
ddxBeep.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
ddxCtrls.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
ddxKillSrv.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
ddxLEDs.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
ddxLoad.c os: unexport Fopen(), Fclose(), Popen(), Pclose(), System() 2024-03-09 17:18:46 +00:00
ddxPrivate.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
ddxVT.c Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
maprules.c xkb: drop defining XKBSRV_NEED_FILE_FUNCS 2024-02-19 00:44:15 +00:00
meson.build Add a Meson build system alongside autotools. 2017-04-26 15:25:27 -07:00
README.compiled R6.6 is the Xorg base-line 2003-11-14 15:54:54 +00:00
xkb-procs.h xkb: rename xkb.h to xkb-procs.h 2022-07-08 14:27:04 +00:00
xkb.c xkb: Fix buffer overflow in _XkbSetCompatMap() 2024-10-29 16:26:59 +01:00
xkbAccessX.c xkb: add hook to allow/deny AccessX key repeat 2016-06-03 09:39:42 +02:00
xkbActions.c Revert "xwayland: Don't run key behaviors and actions" 2025-02-10 15:43:41 +01:00
XKBAlloc.c Convert XKB to new *allocarray functions 2015-04-21 16:57:54 -07:00
xkbDflts.h Use ARRAY_SIZE all over the tree 2017-10-30 13:45:20 -04:00
xkbEvents.c xkb: rename xkb.h to xkb-procs.h 2022-07-08 14:27:04 +00:00
xkbfmisc.c xkb: drop ununsed XkbNameMatchesPattern() 2024-04-09 06:56:20 +00:00
XKBGAlloc.c xkb: Fix heap overflow caused by optimized away min. 2020-12-04 18:31:06 -05:00
xkbgeom.h Drop trailing whitespaces 2014-11-12 10:25:00 +10:00
xkbInit.c xkb: drop duplicate _X_EXPORT from .c source 2024-03-03 22:34:26 +00:00
xkbLEDs.c dix: Force update LEDs after device state update in EnableDevice 2023-02-21 03:43:05 +00:00
XKBMAlloc.c xkb: Always use MAP_LENGTH keymap size 2025-02-04 09:21:04 +01:00
XKBMisc.c xkb: drop defining XKBSRV_NEED_FILE_FUNCS 2024-02-19 00:44:15 +00:00
xkbout.c xkb: drop defining XKBSRV_NEED_FILE_FUNCS 2024-02-19 00:44:15 +00:00
xkbPrKeyEv.c Revert "xwayland: Don't run key behaviors and actions" 2025-02-10 15:43:41 +01:00
xkbSwap.c xkb: rename xkb.h to xkb-procs.h 2022-07-08 14:27:04 +00:00
xkbtext.c xkb: Fix buffer overflow in XkbVModMaskText() 2025-02-25 19:38:11 +01:00
xkbUtils.c xkb: Always use MAP_LENGTH keymap size 2025-02-04 09:21:04 +01:00
XKM_file_format.txt Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
xkmread.c xkb: drop never used XkmProbe() 2024-04-09 06:35:05 +00:00

The X server uses this directory to store the compiled version of the
current keymap and/or any scratch keymaps used by clients.  The X server
or some other tool might destroy or replace the files in this directory,
so it is not a safe place to store compiled keymaps for long periods of
time.  The default keymap for any server is usually stored in:
     X<num>-default.xkm
where <num> is the display number of the server in question, which makes
it possible for several servers *on the same host* to share the same 
directory.

Unless the X server is modified, sharing this directory between servers on
different hosts could cause problems.