os: Fix NULL pointer dereference

RemoveHost() can be called from DisableLocalHost() with a NULL client,
but doesn't actually check whether the given client pointer is valid on
error and assigns the error value unconditionally, leading to a possible
NULL pointer dereference and a crash of the Xserver.

To avoid the issue, simply check whether the client pointer is not NULL
prior to assigning the errorValue.

Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1752
See-also: https://bugzilla.redhat.com/2313799
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1701>
Olivier Fourdan 2024-09-23 09:27:21 +02:00 committed by Enrico Weigelt, metux IT consult
parent 40317361f4
commit 33958af5b5

@ -1413,12 +1413,14 @@ RemoveHost(ClientPtr client, int family, unsigned length, /* of bytes in p
case FamilyChaos:
case FamilyServerInterpreted:
if ((len = CheckAddr(family, pAddr, length)) < 0) {
if (client)
client->errorValue = length;
return BadValue;
}
break;
case FamilyLocal:
default:
if (client)
client->errorValue = family;
return BadValue;
}
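
Review bot: Neither guarded assignment records why client can be NULL at this point. Both `if (client)` checks, the one in the CheckAddr() failure branch under FamilyChaos/FamilyServerInterpreted and the one in the FamilyLocal/default branch, rely on the fact stated only in the commit message that DisableLocalHost() passes a NULL client. A short comment at the top of RemoveHost() or on the first guard saying that client may be NULL would keep a later error path from reintroducing an unconditional `client->errorValue = ...` write. Because the same guard now appears twice, a small helper that sets errorValue only when client is non-NULL would also do; any other dereference of client in RemoveHost() outside the lines shown here deserves the same check.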