[X2Go-Commits] [nx-libs] 01/02: Security fixes: X.Org CVE-2013-4396:

git-admin at x2go.org git-admin at x2go.org
Tue Jun 2 18:15:46 CEST 2015


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch 3.5.0.x
in repository nx-libs.

commit 586ca14a045fbecc263752ce790ba9a104be8344
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Tue Jun 2 17:59:28 2015 +0200

    Security fixes: X.Org CVE-2013-4396:
    
    v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo)
    v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan)
    
    Changes:
      - 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch
---
 debian/changelog                                   |    6 +++
 ...fter-free-in-dix-dixfonts.c-doImageT.full.patch |   51 ++++++++++++++++++--
 2 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index cb4fb7f..d027112 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -163,6 +163,12 @@ nx-libs (2:3.5.0.32-0x2go1) UNRELEASED; urgency=low
     Backported from Arctica GH 3.6.x branch.
     Affects:
     - 9900-dxpc-license-history.full+lite.patch
+  * Security fixes:
+    - X.Org CVE-2013-4396:
+      v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo)
+      v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan)
+      Changes:
+      + 1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch
 
   [ Bernard Cafarelli ]
   * nx-X11: link to libdl to fix undefined references to 'dlopen' and 'dlsym'.
diff --git a/debian/patches/1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch b/debian/patches/1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch
index 8cb1d0d..4dbda6a 100644
--- a/debian/patches/1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch
+++ b/debian/patches/1003-Avoid-use-after-free-in-dix-dixfonts.c-doImageT.full.patch
@@ -21,12 +21,14 @@ X server is mostly single threaded, the odds of the free memory having
 invalid contents are low with most malloc implementations when not using
 memory debugging features, but some allocators will definitely overwrite
 the memory there, leading to a likely crash.
+
+v2: Apply to NXdixfonts.c rather than dixfonts.c (Mike DePaulo)
+v3: backport v2 to nx-libs 3.5.0.x (Mihai Moldovan)
+
 ---
  nx-X11/programs/Xserver/dix/dixfonts.c | 5 +++++
  1 file changed, 5 insertions(+)
 
-diff --git a/nx-X11/programs/Xserver/dix/dixfonts.c b/nx-X11/programs/Xserver/dix/dixfonts.c
-index 193f555..42fd647 100644
 --- a/nx-X11/programs/Xserver/dix/dixfonts.c
 +++ b/nx-X11/programs/Xserver/dix/dixfonts.c
 @@ -1559,6 +1559,7 @@ doImageText(ClientPtr client, register ITclosurePtr c)
@@ -69,6 +71,45 @@ index 193f555..42fd647 100644
  		err = BadAlloc;
  		goto bail;
  	    }
--- 
-2.1.4
-
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXdixfonts.c
+@@ -1694,6 +1694,7 @@ doImageText(ClientPtr client, register ITclosurePtr c)
+ 	    GC *pGC;
+ 	    unsigned char *data;
+ 	    ITclosurePtr new_closure;
++	    ITclosurePtr old_closure;
+ 
+ 	    /* We're putting the client to sleep.  We need to
+ 	       save some state.  Similar problem to that handled
+@@ -1706,6 +1707,7 @@ doImageText(ClientPtr client, register ITclosurePtr c)
+ 		err = BadAlloc;
+ 		goto bail;
+ 	    }
++	    old_closure = c;
+ 	    *new_closure = *c;
+ 	    c = new_closure;
+ 
+@@ -1713,6 +1715,7 @@ doImageText(ClientPtr client, register ITclosurePtr c)
+ 	    if (!data)
+ 	    {
+ 		xfree(c);
++		c = old_closure;
+ 		err = BadAlloc;
+ 		goto bail;
+ 	    }
+@@ -1724,6 +1727,7 @@ doImageText(ClientPtr client, register ITclosurePtr c)
+ 	    {
+ 		xfree(c->data);
+ 		xfree(c);
++		c = old_closure;
+ 		err = BadAlloc;
+ 		goto bail;
+ 	    }
+@@ -1742,6 +1746,7 @@ doImageText(ClientPtr client, register ITclosurePtr c)
+ 		FreeScratchGC(pGC);
+ 		xfree(c->data);
+ 		xfree(c);
++		c = old_closure;
+ 		err = BadAlloc;
+ 		goto bail;
+ 	    }

--
Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git


More information about the x2go-commits mailing list