[PATCH 4/5] os: fix use after free in EstablishNewConnections
Jeremy Huddleston
jeremyhu at freedesktop.org
Mon Apr 4 11:54:04 PDT 2011
>< I just pushed them.
I'll cherry-pick this fix into stable once Keith adds it to master.
On Apr 4, 2011, at 10:54 AM, Tiago Vignatti wrote:
> In the case of failure on AllocNewConnection, new_trans_conn cannot be
> dereferenced because it's already freed. Swapping the order of this logic fixes
> the changes introduced in 04956b80431169e0ae713a3e6ba4cdc157ce3a66.
>
> Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
> CC: Jeremy Huddleston <jeremyhu at freedesktop.org>
> ---
> os/connection.c | 7 +++----
> 1 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/os/connection.c b/os/connection.c
> index 5580fab..0c580ab 100644
> --- a/os/connection.c
> +++ b/os/connection.c
> @@ -852,15 +852,14 @@ EstablishNewConnections(ClientPtr clientUnused, pointer closure)
>
> _XSERVTransSetOption(new_trans_conn, TRANS_NONBLOCKING, 1);
>
> + if(trans_conn->flags & TRANS_NOXAUTH)
> + new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
> +
> if (!AllocNewConnection (new_trans_conn, newconn, connect_time))
> {
> ErrorConnMax(new_trans_conn);
> _XSERVTransClose(new_trans_conn);
> }
> -
> - if(trans_conn->flags & TRANS_NOXAUTH)
> - new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
> -
> }
> #ifndef WIN32
> }
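Review bot: the flag copy now placed ahead of `if (!AllocNewConnection (new_trans_conn, newconn, connect_time))` carries no comment saying why it must come first, so a later cleanup could move it back below the failure branch, where new_trans_conn has already been handed to _XSERVTransClose. Suggest a one-line comment above the `if(trans_conn->flags & TRANS_NOXAUTH)` test stating that new_trans_conn must not be touched after the failure branch. Since these lines are being moved anyway, `new_trans_conn->flags |= TRANS_NOXAUTH;` and `if (` spacing would match the `if (!AllocNewConnection ...` line that follows.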
> --
> 1.7.0.4
>