os: Fix NULL pointer dereference

RemoveHost() can be called from DisableLocalHost() with a NULL client,
but doesn't actually check whether the given client pointer is valid on
error and assigns the error value unconditionally, leading to a possible
NULL pointer dereference and a crash of the Xserver.

To avoid the issue, simply check whether the client pointer is not NULL
prior to assigning the errorValue.

Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1752
See-also: https://bugzilla.redhat.com/2313799
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1701>
This commit is contained in:
Olivier Fourdan 2024-09-23 09:27:21 +02:00 committed by Enrico Weigelt, metux IT consult
parent ef6b615aa8
commit dfd1da4bbc

@ -1371,13 +1371,15 @@ RemoveHost(ClientPtr client, int family, unsigned length, /* of bytes in p
case FamilyChaos:
case FamilyServerInterpreted:
if ((len = CheckAddr(family, pAddr, length)) < 0) {
client->errorValue = length;
if (client)
client->errorValue = length;
return BadValue;
}
break;
case FamilyLocal:
default:
client->errorValue = family;
if (client)
client->errorValue = family;
return BadValue;
}
for (prev = &validhosts;
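
Review bot: The two `if (client)` guards in the FamilyServerInterpreted and default branches are undocumented, so nothing in RemoveHost() itself tells the next reader that a NULL client is a legitimate input (the commit message says it comes from DisableLocalHost()). Suggest a short comment at the first guard, or in the function's header comment, stating that client may be NULL for internal callers and that errorValue is only set when a real client exists. Since only these two error paths are visible in the hunk, it is also worth confirming that the remainder of the function, from the `for (prev = &validhosts;` loop onward, has no other unguarded `client->` access.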