Fix information disclosure bug in pixmap allocation (CVE-2020-14347)
This commit is contained in:
Adam Jackson
parent
9d32eb45b5
commit
e6480d9628
33
0001-fix-for-ZDI-11426.patch
Normal file
33
0001-fix-for-ZDI-11426.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
|
||||
From: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Date: Sat, 25 Jul 2020 19:33:50 +0200
|
||||
Subject: [PATCH xserver] fix for ZDI-11426
|
||||
|
||||
Avoid leaking un-initalized memory to clients by zeroing the
|
||||
whole pixmap on initial allocation.
|
||||
|
||||
This vulnerability was discovered by:
|
||||
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
|
||||
|
||||
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
|
||||
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
---
|
||||
dix/pixmap.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/dix/pixmap.c b/dix/pixmap.c
|
||||
index 1186d7dbbf..5a0146bbb6 100644
|
||||
--- a/dix/pixmap.c
|
||||
+++ b/dix/pixmap.c
|
||||
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
|
||||
if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
|
||||
return NullPixmap;
|
||||
|
||||
- pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
|
||||
+ pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
|
||||
if (!pPixmap)
|
||||
return NullPixmap;
|
||||
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -46,7 +46,7 @@
|
||||
Summary: X.Org X11 X server
|
||||
Name: xorg-x11-server
|
||||
Version: 1.20.8
|
||||
Release: 2%{?gitdate:.%{gitdate}}%{?dist}
|
||||
Release: 3%{?gitdate:.%{gitdate}}%{?dist}
|
||||
URL: http://www.x.org
|
||||
License: MIT
|
||||
|
||||
@ -95,6 +95,7 @@ Patch6: 0001-Fedora-hack-Make-the-suid-root-wrapper-always-start-.patch
|
||||
# Backports from current stable "server-1.20-branch":
|
||||
|
||||
# Backports from "master" upstream:
|
||||
Patch100: 0001-fix-for-ZDI-11426.patch
|
||||
|
||||
# Backported Xwayland randr resolution change emulation support
|
||||
Patch501: 0001-dix-Add-GetCurrentClient-helper.patch
|
||||
@ -546,6 +547,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jul 31 2020 Adam Jackson <ajax@redhat.com> - 1.20.8-3
|
||||
- Fix information disclosure bug in pixmap allocation (CVE-2020-14347)
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.8-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user