diff options
Diffstat (limited to 'patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff')
-rw-r--r-- | patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff new file mode 100644 index 000000000..b4d2f0956 --- /dev/null +++ b/patches/source/xorg-server/patch/xorg-server/xorg-server.CVE-2010-2240.diff @@ -0,0 +1,130 @@ +--- ./os/utils.c.orig 2009-07-07 12:48:58.000000000 -0500 ++++ ./os/utils.c 2010-08-26 15:54:46.000000000 -0500 +@@ -58,6 +58,36 @@ + #include <signal.h> + #endif + ++/* ++ * issetugid() ++ * ++ * Copyright (C) - 2007 Robert Connolly ++ * ++ * Permission to reproduce, copy, delete, distribute, transmit, use, modify, ++ * build upon or otherwise exploit this software, in any form, for any ++ * purpose, in any way, and by anyone, including by methods that have not ++ * yet been invented or conceived, is hereby granted. ++ */ ++#include <unistd.h> ++extern int __libc_enable_secure; ++int issetugid(void) ++{ ++ if (__libc_enable_secure) ++ { ++ return 1; ++ } ++ if (getuid() != geteuid()) ++ { ++ return 1; ++ } ++ if (getgid() != getegid()) ++ { ++ return 1; ++ } ++ /* Else */ ++ return 0; ++} ++ + #if defined(WIN32) && !defined(__CYGWIN__) + #include <X11/Xwinsock.h> + #endif +@@ -761,6 +791,22 @@ + UseMsg(); + } + #endif ++/* #ifdef RLIMIT_AS ++ else if ( strcmp( argv[i], "-la") == 0) ++ { ++ if (getuid() != 0 && issetugid()) { ++ FatalError("The '-la' option can only be used by root.\n"); ++ } ++ if(++i < argc) ++ { ++ limitAddressSpace = atol(argv[i]); ++ if (limitAddressSpace > 0) ++ limitAddressSpace *= 1024; ++ } ++ else ++ UseMsg(); ++ } ++#endif */ + #ifdef SERVER_LOCK + else if ( strcmp ( argv[i], "-nolock") == 0) + { +--- ./os/osinit.c.orig 2009-07-07 12:48:58.000000000 -0500 ++++ ./os/osinit.c 2010-08-26 15:27:45.000000000 -0500 +@@ -99,6 +99,14 @@ + #ifdef macII + set42sig(); + #endif ++#ifdef RLIMIT_AS ++#ifdef _XSERVER64 ++#define XORG_AS_LIMIT 10737418240LL ++#else ++#define XORG_AS_LIMIT 1610612736 ++#endif ++long limitAddressSpace = XORG_AS_LIMIT; ++#endif + + if (!been_here) { + #if !defined(__SCO__) && !defined(__CYGWIN__) && !defined(__UNIXWARE__) +@@ -187,6 +195,22 @@ + } + } + #endif ++#ifdef RLIMIT_AS ++ if (limitAddressSpace >= 0) ++ { ++ struct rlimit rlim; ++ ++ if (!getrlimit(RLIMIT_AS, &rlim)) ++ { ++ if ((limitAddressSpace > 0) ++ && (limitAddressSpace < rlim.rlim_max)) ++ rlim.rlim_cur = limitAddressSpace; ++ else ++ rlim.rlim_cur = rlim.rlim_max; ++ (void)setrlimit(RLIMIT_AS, &rlim); ++ } ++ } ++#endif + LockServer(); + been_here = TRUE; + } +--- ./include/opaque.h.orig 2009-07-07 12:48:58.000000000 -0500 ++++ ./include/opaque.h 2010-08-26 15:49:31.000000000 -0500 +@@ -67,6 +67,9 @@ + #ifdef RLIMIT_NOFILE + extern int limitNoFile; + #endif ++#ifdef RLIMIT_AS ++extern long limitAddressSpace; ++#endif + extern Bool defeatAccessControl; + extern long maxBigRequestSize; + extern Bool party_like_its_1989; +--- ./doc/Xserver.man.pre.orig 2009-07-07 12:48:58.000000000 -0500 ++++ ./doc/Xserver.man.pre 2010-08-26 15:27:45.000000000 -0500 +@@ -293,6 +293,13 @@ + A value of zero makes the stack size as large as possible. The default value + of \-1 leaves the stack space limit unchanged. + .TP 8 ++.B \-la \fIkilobytes\fP ++sets the address space limit of the server to the specified number of ++kilobytes. ++A value of zero makes address space as large as possible. ++The default value is 1572864 (1.5GB) on 32 bit architectures and ++10485760 (10GB) on 64 bit architectures. ++.TP 8 + .B \-logo + turns on the X Window System logo display in the screen-saver. + There is currently no way to change this from a client. |