xserver/os
Enrico Weigelt, metux IT consult 8c4a015cc2 os: color: fix possible buffer overflow vulnerability
The old approach of builtin color lookup used a binary search of strings
within text blocks (their start offsets defined in the color array).

This could potentially lead to buffer overflow, if the requested color
name far outreaches the text block (e.g. same prefix as some entry near to
the end, but really huge). This alone wouldn't allow remote memory readout
(just comparing), but could possibly trigger page faults (sigsegv) or be used
as a building block for some more complex attack.

OTOH, the old approach is also hard to maintain, ugly programming style:
on each change, all the offsets need to be carefully recounted, which is
pretty error-prone.

Both problems are solved by moving to simple, per-entry, char* pointers,
instead of the one large text block.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1313>
2024-02-22 23:33:34 +00:00
.gitignore dix and os: gitignore dix.O and os.O 2011-09-23 17:14:47 -07:00
WaitFor.c os: Recompute whether any clients are ready after check_timers() 2018-06-26 17:03:32 -07:00
access.c OpenBSD build fix: struct ucred is struct sockpeercred there 2024-02-18 00:16:38 +00:00
auth.c Switch to libbsd-overlay 2023-08-16 19:56:50 +00:00
backtrace.c os: print registers in the libunwind version of xorg_backtrace() 2022-05-23 11:20:40 -07:00
busfault.c os: Fix iteration over busfaults 2017-02-23 09:20:48 +10:00
client.c os: Use KERN_PROC_ARGS to determine client command on DragonFly and FreeBSD 2023-12-17 17:16:23 +00:00
connection.c unifdef apollo 2024-02-17 16:31:46 -08:00
inputthread.c os, shm: fcntl()'s third argument is integer, not pointer 2020-12-18 09:36:30 -05:00
io.c unifdef SUNSYSV 2024-02-19 15:12:41 -08:00
log.c include: move BUG_*() macros to separate header 2024-02-15 23:33:46 +00:00
meson.build meson: Use system method for locating tirpc 2022-07-01 21:38:54 +00:00
mitauth.c os: Use memcpy() instead of memmove() when buffers are known not to overlap 2022-08-29 21:10:51 +00:00
oscolor.c os: color: fix possible buffer overflow vulnerability 2024-02-22 23:33:34 +00:00
osdep.h os: Remove mffs() 2017-11-06 17:22:46 -05:00
osinit.c os: Make OsSignalHandler ask for core dumps for signo != SIGQUIT 2017-12-13 11:11:42 -05:00
ospoll.c ospoll: Fix Solaris ports implementation to build on Solaris 11.4 2019-09-23 15:12:01 -07:00
ospoll.h os: Add ospoll interface [v2] 2016-07-21 15:04:47 -04:00
reallocarray.c Import reallocarray() from OpenBSD 2015-04-21 16:57:08 -07:00
rpcauth.c os: Use memcpy() instead of memmove() when buffers are known not to overlap 2022-08-29 21:10:51 +00:00
strcasecmp.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strcasestr.c Remove unneeded include of dix.h from strcasestr.c 2019-04-30 20:07:51 +00:00
strlcat.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strlcpy.c Introduce a consistent coding style 2012-03-21 13:54:42 -07:00
strndup.c os: Ensure <dix-config.h> is included in strndup.c 2013-02-14 09:20:46 -08:00
timingsafe_memcmp.c timingsafe_memcmp: Fix meson build 2017-05-10 10:56:16 -04:00
utils.c include: move BUG_*() macros to separate header 2024-02-15 23:33:46 +00:00
xdmauth.c os: Use memcpy() instead of memmove() when buffers are known not to overlap 2022-08-29 21:10:51 +00:00
xdmcp.c os: Use memcpy() instead of memmove() when buffers are known not to overlap 2022-08-29 21:10:51 +00:00
xprintf.c Remove "All rights reserved" from Oracle copyright notices 2023-02-25 09:40:41 -08:00
xserver_poll.c os: Fix build of xserver_poll.c on MinGW 2019-05-18 14:59:38 +00:00
xsha1.c os: unbreak xsha1 on FreeBSD 2020-05-27 07:15:07 +00:00
xstrans.c Clean up a couple of warnings in os/ 2013-10-31 16:58:12 -07:00