fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2025-12-25 16:30:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
xserver/os
History
Keith Packard f7ff55a374 dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6] 
GetHosts saves the pointer to allocated memory in *data, and then
wants to bounds-check writes to that region, but was mistakenly using
a bare 'data' instead of '*data'. Also, data is declared as void **,
so we need a cast to turn it into a byte pointer so we can actually do
pointer comparisons.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 1559a94395)
Signed-off-by: Julien Cristau <jcristau@debian.org>
2014-12-09 20:54:12 +01:00
..
.gitignore dix and os: gitignore dix.O and os.O 2011-09-23 17:14:47 -07:00
access.c dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6] 2014-12-09 20:54:12 +01:00
auth.c os: Clean up warnings 2014-01-12 10:14:49 -08:00
backtrace.c os: use a constant for backtrace array size 2013-11-01 09:39:53 +10:00
busfault.c os: Initialize the set of signals to be suppressed during our handler. 2014-04-21 22:05:00 -07:00
client.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
connection.c ListenOnOpenFD: Remove Resets since this is intended to be for hotplugging connections 2014-08-11 12:52:52 -07:00
io.c If EAGAIN == EWOULDBLOCK, only need to check errno for one of them 2014-01-22 11:30:27 -08:00
log.c os: prevent negative array index access (#80890) 2014-07-10 10:24:04 +10:00
Makefile.am Trap SIGBUS to handle truncated shared memory segments 2013-11-11 15:16:07 -08:00
mitauth.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
oscolor.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
osdep.h os: Hide the Connection{In,Out}put implementation details 2012-09-20 14:40:18 -04:00
osinit.c darwin: Don't leave stdin/stdout closed 2013-12-12 01:30:04 -08:00
rpcauth.c unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091] 2014-12-09 17:50:12 +01:00
strcasecmp.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strcasestr.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strlcat.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strlcpy.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strndup.c os: Ensure <dix-config.h> is included in strndup.c 2013-02-14 09:20:46 -08:00
utils.c os: Add -displayfd into -help text 2014-04-30 10:23:54 -07:00
WaitFor.c Replace 'pointer' type with 'void *' 2014-01-12 10:24:11 -08:00
xdmauth.c os: Fix -Wshadow errors 2014-01-22 19:56:31 -08:00
xdmcp.c os: Fix -Wshadow errors 2014-01-22 19:56:31 -08:00
xprintf.c os/xprintf: add Xvscnprintf and Xscnprintf 2012-05-03 14:59:23 +10:00
xsha1.c os: Add libnettle as a choice of SHA1 implementation 2012-11-05 13:34:18 -06:00
xstrans.c Clean up a couple of warnings in os/ 2013-10-31 16:58:12 -07:00