frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

os: Fix NULL pointer dereference 

RemoveHost() can be called from DisableLocalHost() with a NULL client,
but doesn't actually check whether the given client pointer is valid on
error and assigns the error value unconditionally, leading to a possible
NULL pointer dereference and a crash of the Xserver.

To avoid the issue, simply check whether the client pointer is not NULL
prior to assign the errorValue.

Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1752
See-also: https://bugzilla.redhat.com/2313799
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1701>
This commit is contained in:
Olivier Fourdan 2024-09-23 09:27:21 +02:00 committed by Enrico Weigelt, metux IT consult
parent 40317361f4
commit 33958af5b5
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
os/access.c
View File

@ -1413,13 +1413,15 @@ RemoveHost(ClientPtr client, int family, unsigned length, /* of bytes in p
case FamilyChaos: case FamilyChaos:
case FamilyServerInterpreted: case FamilyServerInterpreted:
if ((len = CheckAddr(family, pAddr, length)) < 0) { if ((len = CheckAddr(family, pAddr, length)) < 0) {
client->errorValue = length; if (client)
client->errorValue = length;
return BadValue; return BadValue;
} }
break; break;
case FamilyLocal: case FamilyLocal:
default: default:
client->errorValue = family; if (client)
client->errorValue = family;
return BadValue; return BadValue;
} }
for (prev = &validhosts; for (prev = &validhosts;