diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-05-25 23:29:36 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 15:18:32 -0700 |
commit | 8ff4f2f51a6cf07fc33742ce3bee81328896e49b (patch) | |
tree | 4a166b8389404be98a6c098babaa444e2dec8f48 /patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch | |
parent | 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (diff) | |
download | current-14.1.tar.gz current-14.1.tar.xz |
Fri May 25 23:29:36 UTC 201814.1
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.1.txz: Rebuilt.
Handle removal of US/Pacific-New timezone. If we see that the machine is
using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch')
-rw-r--r-- | patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch b/patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch new file mode 100644 index 000000000..483bd74f9 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/0001-unchecked-malloc-may-allow-unauthed-client-to-crash-.patch @@ -0,0 +1,41 @@ +From 2ecba31ddb5f4b953a0a811fec7fb7470b668f13 Mon Sep 17 00:00:00 2001 +From: Alan Coopersmith <alan.coopersmith@oracle.com> +Date: Fri, 17 Jan 2014 18:54:03 -0800 +Subject: [PATCH 01/31] unchecked malloc may allow unauthed client to crash + Xserver [CVE-2014-8091] + +authdes_ezdecode() calls malloc() using a length provided by the +connection handshake sent by a newly connected client in order +to authenticate to the server, so should be treated as untrusted. + +It didn't check if malloc() failed before writing to the newly +allocated buffer, so could lead to a server crash if the server +fails to allocate memory (up to UINT16_MAX bytes, since the len +field is a CARD16 in the X protocol). + +Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> +Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> +Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> +Signed-off-by: Fedora X Ninjas <x@fedoraproject.org> +--- + os/rpcauth.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/os/rpcauth.c b/os/rpcauth.c +index bd219ac..c5bf787 100644 +--- a/os/rpcauth.c ++++ b/os/rpcauth.c +@@ -66,6 +66,10 @@ authdes_ezdecode(const char *inmsg, int len) + SVCXPRT xprt; + + temp_inmsg = malloc(len); ++ if (temp_inmsg == NULL) { ++ why = AUTH_FAILED; /* generic error, since there is no AUTH_BADALLOC */ ++ return NULL; ++ } + memmove(temp_inmsg, inmsg, len); + + memset((char *) &msg, 0, sizeof(msg)); +-- +1.9.3 + |