rpms / xorg-x11-server

Clone
Source Code
GIT

Blame SOURCES/0001-fix-for-ZDI-11426.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   5b80f64996c1a490dd8bad090b08b7e14803c2c5
  2.   SOURCES
  3.   0001-fix-for-ZDI-11426.patch
Blob History Raw
5b80f6 
From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
5b80f6 
From: Matthieu Herrb <matthieu@herrb.eu>
5b80f6 
Date: Sat, 25 Jul 2020 19:33:50 +0200
5b80f6 
Subject: [PATCH] fix for ZDI-11426
5b80f6
5b80f6 
Avoid leaking un-initalized memory to clients by zeroing the
5b80f6 
whole pixmap on initial allocation.
5b80f6
5b80f6 
This vulnerability was discovered by:
5b80f6 
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
5b80f6
5b80f6 
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
5b80f6 
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
5b80f6 
---
5b80f6 
 dix/pixmap.c | 2 +-
5b80f6 
 1 file changed, 1 insertion(+), 1 deletion(-)
5b80f6
5b80f6 
diff --git a/dix/pixmap.c b/dix/pixmap.c
5b80f6 
index 1186d7dbb..5a0146bbb 100644
5b80f6 
--- a/dix/pixmap.c
5b80f6 
+++ b/dix/pixmap.c
5b80f6 
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
5b80f6 
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
5b80f6 
         return NullPixmap;
5b80f6
5b80f6 
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
5b80f6 
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
5b80f6 
     if (!pPixmap)
5b80f6 
         return NullPixmap;
5b80f6
5b80f6 
--
5b80f6 
2.25.4
5b80f6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation