xhost: Changes to 'master'

Matthieu Herrb herrb at kemper.freedesktop.org
Tue Jul 17 15:01:20 UTC 2018


 xhost.c |    4 ++++
 1 file changed, 4 insertions(+)

New commits:
commit 0c3627bc7dac395c6af8bd1fb747ef3556e95fb4
Author: Tobias Stoeckmann <tobias at stoeckmann.org>
Date:   Wed Jul 4 16:20:06 2018 +0200

    Prevent OOB access on illegal server response.
    
    While parsing Xorg responses it is possible to trigger an out of
    boundary read if the response does not contain enough bytes.
    
    In case of IPv4, the padding normally prevents this, but IPv6
    addresses can trigger an out of boundary read.
    
    It takes a hostile xorg-server to reproduce this issue. If
    os/access.c is adjusted to always use a length of 1, it is possible
    to reproduce it and make it visible with an ASAN-compiled xhost.
    
    Reading past the memory boundary could reveal sensitive information
    to external DNS servers, because a lookup will be performed.
    
    Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
    Reviewed-by: Matthieu Herrb <matthieu at herrb.eu>
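
The class of check the commit message describes, as an added example (not the xhost patch and not code from the X.Org tree): before an address from a host-list reply is handed to a name lookup, its declared length must equal the size that address family's lookup will read. The function name, the sample replies, and the little-endian length decoding are assumptions made for this illustration; the family values are those of X.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FAMILY_INTERNET  0  /* FamilyInternet in X.h */
#define FAMILY_INTERNET6 6  /* FamilyInternet6 in X.h */

/* Constructed sample replies (not captured traffic). */
const uint8_t sample_v4[]       = {0, 0, 4, 0, 127, 0, 0, 1};
const uint8_t sample_v6_short[] = {6, 0, 1, 0, 0xAA, 0, 0, 0};  /* length 1 */
const uint8_t sample_v6_cut[]   = {6, 0, 16, 0, 1, 2, 3, 4};    /* truncated */

/* Bytes a name lookup reads for this family; 0 if not an IP family. */
static size_t addr_size(uint8_t family)
{
    if (family == FAMILY_INTERNET)  return 4;
    if (family == FAMILY_INTERNET6) return 16;
    return 0;
}

/* Returns the number of entries safe to resolve, or -1 if malformed. Assumed
 * layout: family, pad, 16-bit LE length, address padded to a multiple of 4. */
int count_resolvable(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int ok = 0;
    while (off < len) {
        if (len - off < 4)
            return -1;                      /* truncated entry header */
        size_t alen = buf[off + 2] | ((size_t)buf[off + 3] << 8);
        size_t padded = (alen + 3) & ~(size_t)3;
        if (padded > len - off - 4)
            return -1;                      /* address runs past the reply */
        /* Padding alone covers a 4-byte read (IPv4) but not 16 (IPv6). */
        size_t need = addr_size(buf[off]);
        if (need != 0 && alen == need)
            ok++;                           /* only now is a lookup safe */
        off += 4 + padded;
    }
    return ok;
}

int main(void)
{
    printf("%d %d %d\n", count_resolvable(sample_v4, sizeof sample_v4),
           count_resolvable(sample_v6_short, sizeof sample_v6_short),
           count_resolvable(sample_v6_cut, sizeof sample_v6_cut));
    return 0;
}
```

The `sample_v6_short` reply is well-formed as far as padding goes, which is why a padding-only check would let a 16-byte read run 12 bytes past the entry.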


