rpms / xorg-x11-server

Clone
Source Code
GIT

Blame SOURCES/0001-fix-for-ZDI-11426.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   4bbf3fc60cbc017fac74f9e1134bc82c3ba55b4f
  2.   SOURCES
  3.   0001-fix-for-ZDI-11426.patch
Blob History Raw
4bbf3f 
From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
4bbf3f 
From: Matthieu Herrb <matthieu@herrb.eu>
4bbf3f 
Date: Sat, 25 Jul 2020 19:33:50 +0200
4bbf3f 
Subject: [PATCH] fix for ZDI-11426
4bbf3f
4bbf3f 
Avoid leaking un-initalized memory to clients by zeroing the
4bbf3f 
whole pixmap on initial allocation.
4bbf3f
4bbf3f 
This vulnerability was discovered by:
4bbf3f 
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
4bbf3f
4bbf3f 
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
4bbf3f 
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
4bbf3f 
---
4bbf3f 
 dix/pixmap.c | 2 +-
4bbf3f 
 1 file changed, 1 insertion(+), 1 deletion(-)
4bbf3f
4bbf3f 
diff --git a/dix/pixmap.c b/dix/pixmap.c
4bbf3f 
index 1186d7dbb..5a0146bbb 100644
4bbf3f 
--- a/dix/pixmap.c
4bbf3f 
+++ b/dix/pixmap.c
4bbf3f 
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
4bbf3f 
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
4bbf3f 
         return NullPixmap;
4bbf3f
4bbf3f 
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
4bbf3f 
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
4bbf3f 
     if (!pPixmap)
4bbf3f 
         return NullPixmap;
4bbf3f
4bbf3f 
--
4bbf3f 
2.25.4
4bbf3f

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation