[PATCH 4/5] os: fix use after free in EstablishNewConnections
Tiago Vignatti
tiago.vignatti at nokia.com
Tue Apr 5 02:57:48 PDT 2011
On 04/04/2011 09:54 PM, ext Jeremy Huddleston wrote:
>> < I just pushed them.
>
> I'll cherry-pick this fix into stable once Keith adds it to master.
okay, thanks Jeremy. So I guess I got a r-b for this one? :)
> On Apr 4, 2011, at 10:54 AM, Tiago Vignatti wrote:
>
>> In the case of failure on AllocNewConnection, new_trans_conn cannot be
>> dereferenced because it's already freed. Swapping the order of this logic fix
>> the changes introduced in 04956b80431169e0ae713a3e6ba4cdc157ce3a66.
>>
>> Signed-off-by: Tiago Vignatti<tiago.vignatti at nokia.com>
>> CC: Jeremy Huddleston<jeremyhu at freedesktop.org>
>> ---
>> os/connection.c | 7 +++----
>> 1 files changed, 3 insertions(+), 4 deletions(-)
>>
>> diff --git a/os/connection.c b/os/connection.c
>> index 5580fab..0c580ab 100644
>> --- a/os/connection.c
>> +++ b/os/connection.c
>> @@ -852,15 +852,14 @@ EstablishNewConnections(ClientPtr clientUnused, pointer closure)
>>
>> _XSERVTransSetOption(new_trans_conn, TRANS_NONBLOCKING, 1);
>>
>> + if(trans_conn->flags& TRANS_NOXAUTH)
>> + new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
>> +
>> if (!AllocNewConnection (new_trans_conn, newconn, connect_time))
>> {
>> ErrorConnMax(new_trans_conn);
>> _XSERVTransClose(new_trans_conn);
>> }
>> -
>> - if(trans_conn->flags& TRANS_NOXAUTH)
>> - new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
>> -
>> }
>> #ifndef WIN32
>> }
>> --
>> 1.7.0.4
>>
>
More information about the xorg-devel
mailing list