CVE-2013-1940: Fix xf86FlushInput() to drain evdev events too (#950438)
This commit is contained in:
Peter Hutterer
parent
0bc357180c
commit
c2b476eb59
@ -0,0 +1,37 @@
|
||||
From 8647ee8f422e1ea9212d84ae14ef2163793bcdc8 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Airlie <airlied@gmail.com>
|
||||
Date: Wed, 10 Apr 2013 16:09:01 +1000
|
||||
Subject: [PATCH] xf86: fix flush input to work with Linux evdev devices.
|
||||
|
||||
So when we VT switch back and attempt to flush the input devices,
|
||||
we don't succeed because evdev won't return part of an event,
|
||||
since we were only asking for 4 bytes, we'd only get -EINVAL back.
|
||||
|
||||
This could later cause events to be flushed that we shouldn't have
|
||||
gotten.
|
||||
|
||||
This is a fix for CVE-2013-1940.
|
||||
|
||||
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
||||
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
||||
---
|
||||
hw/xfree86/os-support/shared/posix_tty.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
|
||||
index ab3757a..4d08c1e 100644
|
||||
--- a/hw/xfree86/os-support/shared/posix_tty.c
|
||||
+++ b/hw/xfree86/os-support/shared/posix_tty.c
|
||||
@@ -421,7 +421,8 @@ xf86FlushInput(int fd)
|
||||
{
|
||||
fd_set fds;
|
||||
struct timeval timeout;
|
||||
- char c[4];
|
||||
+ /* this needs to be big enough to flush an evdev event. */
|
||||
+ char c[256];
|
||||
|
||||
DebugF("FlushingSerial\n");
|
||||
if (tcflush(fd, TCIFLUSH) == 0)
|
||||
--
|
||||
1.8.1.4
|
||||
@ -42,7 +42,7 @@
|
||||
Summary: X.Org X11 X server
|
||||
Name: xorg-x11-server
|
||||
Version: 1.14.0
|
||||
Release: 5%{?gitdate:.%{gitdate}}%{dist}
|
||||
Release: 6%{?gitdate:.%{gitdate}}%{dist}
|
||||
URL: http://www.x.org
|
||||
License: MIT
|
||||
Group: User Interface/X
|
||||
@ -121,11 +121,15 @@ Patch7071: 0001-os-use-libunwind-to-generate-backtraces.patch
|
||||
# upstream submitted
|
||||
Patch7072: xserver-1.14.0-fix-gpu-hotplug-vt-switch.patch
|
||||
|
||||
# Bug 950438 - CVE-2013-1940 xorg-x11-server:
|
||||
# Information disclosure due enabling events from hot-plug devices despite
|
||||
# input from the device being momentarily disabled
|
||||
Patch7073: 0001-xf86-fix-flush-input-to-work-with-Linux-evdev-device.patch
|
||||
|
||||
# on way upstream: fixes for reverse optimus
|
||||
Patch8000: 0001-dix-allow-pixmap-dirty-helper-to-be-used-for-non-sha.patch
|
||||
Patch8001: 0001-xserver-call-CSR-for-gpus.patch
|
||||
|
||||
|
||||
%global moduledir %{_libdir}/xorg/modules
|
||||
%global drimoduledir %{_libdir}/dri
|
||||
%global sdkdir %{_includedir}/xorg
|
||||
@ -598,6 +602,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{xserver_source_dir}
|
||||
|
||||
%changelog
|
||||
* Wed Apr 17 2013 Peter Hutterer <peter.hutterer@redhat.com> 1.14.0-6
|
||||
- CVE-2013-1940: Fix xf86FlushInput() to drain evdev events
|
||||
(#950438, #952949)
|
||||
|
||||
* Fri Apr 12 2013 Dave Airlie <airlied@redhat.com> 1.14.0-5
|
||||
- reenable reverse optimus and some missing patch from F18
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user