frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xserver/os
History
Peter Hutterer 412777664a Disallow byte-swapped clients by default 
The X server swapping code is a huge attack surface, much of this code
is untested and prone to security issues. The use-case of byte-swapped
clients is very niche, so let's disable this by default and allow it
only when the respective config option or commandline flag is given.

For Xorg, this adds the ServerFlag "AllowByteSwappedClients" "on".
For all DDX, this adds the commandline options +byteswappedclients and
-byteswappedclients to enable or disable, respectively.

Fixes #1201

https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1029

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
 		2023-01-06 11:59:37 +10:00
..
.gitignore dix and os: gitignore dix.O and os.O 2011-09-23 17:14:47 -07:00
WaitFor.c os: Recompute whether any clients are ready after check_timers() 2018-06-26 17:03:32 -07:00
access.c xserver/os: safer IPv6 "kame hack" fix, only override sin6_scope_id if zero 2021-04-04 21:06:35 +00:00
auth.c Clarify authorization failure reason strings sent back to the client 2019-07-23 19:50:25 +00:00
backtrace.c os: print registers in the libunwind version of xorg_backtrace() 2022-05-23 11:20:40 -07:00
busfault.c os: Fix iteration over busfaults 2017-02-23 09:20:48 +10:00
client.c Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
connection.c os/connection: don't leave `port` uninitialized 2022-12-29 21:05:26 +00:00
inputthread.c os, shm: fcntl()'s third argument is integer, not pointer 2020-12-18 09:36:30 -05:00
io.c os: Restore buffer when writing to network 2022-09-09 16:52:43 +00:00
log.c os: Remove support for Tiger and earlier versions of macOS 2021-02-01 16:21:39 -08:00
meson.build meson: Use system method for locating tirpc 2022-07-01 21:38:54 +00:00
mitauth.c os: Use memcpy() instead of memmove() when buffers are known not to overlap 2022-08-29 21:10:51 +00:00
oscolor.c Use ARRAY_SIZE all over the tree 2017-10-30 13:45:20 -04:00
osdep.h os: Remove mffs() 2017-11-06 17:22:46 -05:00
osinit.c os: Make OsSignalHandler ask for core dumps for signo != SIGQUIT 2017-12-13 11:11:42 -05:00
ospoll.c ospoll: Fix Solaris ports implementation to build on Solaris 11.4 2019-09-23 15:12:01 -07:00
ospoll.h os: Add ospoll interface [v2] 2016-07-21 15:04:47 -04:00
reallocarray.c Import reallocarray() from OpenBSD 2015-04-21 16:57:08 -07:00
rpcauth.c os: Use memcpy() instead of memmove() when buffers are known not to overlap 2022-08-29 21:10:51 +00:00
strcasecmp.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strcasestr.c Remove unneeded include of dix.h from strcasestr.c 2019-04-30 20:07:51 +00:00
strlcat.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strlcpy.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strndup.c os: Ensure <dix-config.h> is included in strndup.c 2013-02-14 09:20:46 -08:00
timingsafe_memcmp.c timingsafe_memcmp: Fix meson build 2017-05-10 10:56:16 -04:00
utils.c Disallow byte-swapped clients by default 2023-01-06 11:59:37 +10:00
xdmauth.c os: Use memcpy() instead of memmove() when buffers are known not to overlap 2022-08-29 21:10:51 +00:00
xdmcp.c os: Use memcpy() instead of memmove() when buffers are known not to overlap 2022-08-29 21:10:51 +00:00
xprintf.c os/xprintf: add Xvscnprintf and Xscnprintf 2012-05-03 14:59:23 +10:00
xserver_poll.c os: Fix build of xserver_poll.c on MinGW 2019-05-18 14:59:38 +00:00
xsha1.c os: unbreak xsha1 on FreeBSD 2020-05-27 07:15:07 +00:00
xstrans.c Clean up a couple of warnings in os/ 2013-10-31 16:58:12 -07:00