[PATCH 0/5] integer overflows in Xdmx & Xephyr
Alan Coopersmith
alan.coopersmith at oracle.com
Fri May 31 18:00:32 PDT 2013
On 05/23/13 09:27 AM, Alan Coopersmith wrote:
> As part of the report of the security bugs announced this morning, the same
> researcher also reported similar issues in the client-side GLX & DRI code in
> the Xdmx & Xephyr X servers. Since these are not normally installed setuid
> or otherwise with higher privileges than the underlying X servers that they
> connect to, the X.Org security team agreed to treat these as simple bug fixes,
> not security issues.
>
> These are candidates for stable releases as they do fix server crashes, but
> only in rare cases when malformed protocol is sent by the X server they
> display onto.
>
> Alan Coopersmith (5):
> Xdmx: integer overflow in GetGLXVisualConfigs()
> Xdmx: integer overflow in GetGLXFBConfigs()
> Xephyr: integer overflow in ephyrHostGLXGetStringFromServer()
> Xephyr: integer overflow in XF86DRIOpenConnection()
> Xephyr: integer overflow in XF86DRIGetClientDriverName()
>
> hw/dmx/dmx_glxvisuals.c | 25 +++++++++++++++++--------
> hw/kdrive/ephyr/XF86dri.c | 14 ++++++++++----
> hw/kdrive/ephyr/ephyrhostglx.c | 40 +++++++++++++++++++++++-----------------
> 3 files changed, 50 insertions(+), 29 deletions(-)
No volunteers to figure out what I got wrong in these?
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg-devel
mailing list