frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Xext/shm: Validate shmseg resource id (CVE-2017-13721) 

Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.

Signed-off-by: Julien Cristau <jcristau@debian.org>
This commit is contained in:
Michal Srb 2017-07-28 16:27:10 +02:00 committed by Julien Cristau
parent db465bae53
commit b95f25af14
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Xext/shm.c
View File

@ -1238,6 +1238,7 @@ ProcShmCreateSegment(ClientPtr client)
}; };
REQUEST_SIZE_MATCH(xShmCreateSegmentReq); REQUEST_SIZE_MATCH(xShmCreateSegmentReq);
LEGAL_NEW_RESOURCE(stuff->shmseg, client);
if ((stuff->readOnly != xTrue) && (stuff->readOnly != xFalse)) { if ((stuff->readOnly != xTrue) && (stuff->readOnly != xFalse)) {
client->errorValue = stuff->readOnly; client->errorValue = stuff->readOnly;
return BadValue; return BadValue;