frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
XLibre Xserver
18,276 Commits 293 Branches 13 Tags 61 MiB
C 96.4%
Roff 1.1%
Objective-C 1%
Meson 0.8%
Shell 0.2%
Other 0.3%
Go to file
José Expósito bc1fdbe465 Xi: do not keep linked list pointer during recursion 
The `DisableDevice()` function is called whenever an enabled device
is disabled and it moves the device from the `inputInfo.devices` linked
list to the `inputInfo.off_devices` linked list.

However, its link/unlink operation has an issue during the recursive
call to `DisableDevice()` due to the `prev` pointer pointing to a
removed device.

This issue leads to a length mismatch between the total number of
devices and the number of device in the list, leading to a heap
overflow and, possibly, to local privilege escalation.

Simplify the code that checked whether the device passed to
`DisableDevice()` was in `inputInfo.devices` or not and find the
previous device after the recursion.

CVE-2024-21886, ZDI-CAN-22840

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
 		2024-01-16 09:24:31 +01:00
.gitlab-ci xwayland: Add XTEST support using EIS 2023-06-26 13:19:19 +02:00
Xext dix: initialize the XTest sendEventsProc for all devices 2024-01-09 00:45:31 +00:00
Xi Xi: flush hierarchy events after adding/removing master devices 2024-01-16 09:24:26 +01:00
composite composite: Expose CompositeIsImplicitRedirectException 2023-07-18 09:34:39 +00:00
config config: add a quirk for Apple Silicon appledrm 2023-01-11 10:01:29 +00:00
damageext Remove autotools support 2021-10-27 13:15:40 +03:00
dbe Remove autotools support 2021-10-27 13:15:40 +03:00
dix Xi: do not keep linked list pointer during recursion 2024-01-16 09:24:31 +01:00
doc Remove autotools support 2021-10-27 13:15:40 +03:00
dri3 dri3: Don't compute intersection with drawable modifiers 2023-01-20 17:56:54 +00:00
exa rootless: Use screen_x and screen_y instead of pixmap pointer hacks 2023-01-20 17:10:54 +00:00
fb fb: Fix 1bpp Xservers on "whitePixel=0, blackPixel=1" VRAMs 2024-01-03 19:43:16 +00:00
glamor glamor: Fall back for mixed depth 24/32 in glamor_set_alu 2024-01-11 10:03:10 +00:00
glx GLX: Free the tag of the old context later 2022-12-09 15:10:09 +00:00
hw xwayland: Destroy old window pixmap in xwl_window_recycle_pixmap 2024-01-12 17:06:39 +00:00
include dix: initialize the XTest sendEventsProc for all devices 2024-01-09 00:45:31 +00:00
m4 Add ax_pthread.m4 to m4/ 2016-05-29 19:20:51 -07:00
man Disallow byte-swapped clients by default 2023-01-06 11:59:37 +10:00
mi mi: reset the PointerWindows reference on screen switch 2023-10-25 00:37:47 +00:00
miext rootless: Use screen_x and screen_y instead of pixmap pointer hacks 2023-01-20 17:10:54 +00:00
os Use log lines prefixed with human readable time 2023-12-17 19:37:03 +00:00
present modesetting: unflip before any setcrtc() calls 2023-12-16 04:36:39 +00:00
pseudoramiX Remove autotools support 2021-10-27 13:15:40 +03:00
randr Removing the code that deletes an existing monitor in RRMonitorAdd 2023-12-17 18:55:50 +00:00
record record: Support architectures with sizeof(void*) > sizeof(long) 2023-12-17 19:30:52 +00:00
render glamor: fix CbCr format handling 2022-12-01 08:41:57 +00:00
test test: drop the unncessary unit_defines from meson.build 2024-01-09 09:49:54 +10:00
xfixes Remove "All rights reserved" from Oracle copyright notices 2023-02-25 09:40:41 -08:00
xkb xkb: free the filters 2023-12-05 14:21:32 +10:00
.appveyor.yml appveyor: Add libxcvt build dep 2021-11-04 13:03:25 +00:00
.dir-locals.el .dir-locals.el: Add missing final newline 2019-10-01 17:05:28 +00:00
.gitignore Clean up the .gitignore file 2024-01-12 00:50:24 +00:00
.gitlab-ci.yml ci: Prevent duplicate pipelines for MRs 2024-01-08 01:11:21 +00:00
.mailmap Add a .mailmap file to canonicalize author names and emails 2023-03-15 18:10:51 +00:00
.travis.yml travis: Add OSX meson build to matrix 2019-05-02 15:42:58 +00:00
COPYING modesetting: Merge modesetting's COPYING into the xserver's. 2014-09-15 12:46:02 -07:00
README.md Fix spelling/wording issues 2020-07-05 13:07:33 -07:00
meson.build build: Switch to meson 0.56 2024-01-08 10:38:05 +00:00
meson_options.txt meson: add option for systemd_notify 2024-01-08 01:23:55 +00:00
xorg-server.m4 xorg-server.m4: just all cflags instead of just sdkdir 2018-09-20 20:12:24 +01:00
xorg-server.pc.in xfree86: link modules against Xorg symbols on Cygwin 2012-04-05 21:57:07 -05:00
xserver.ent.in doc: relocate xserver.ent in the package root directory 2011-05-14 11:22:26 -07:00

README.md

X Server

The X server accepts requests from client applications to create windows, which are (normally rectangular) "virtual screens" that the client program can draw into.

Windows are then composed on the actual screen by the X server (or by a separate composite manager) as directed by the window manager, which usually communicates with the user via graphical controls such as buttons and draggable titlebars and borders.

For a comprehensive overview of X Server and X Window System, consult the following article: https://en.wikipedia.org/wiki/X_server

All questions regarding this software should be directed at the Xorg mailing list:

https://lists.freedesktop.org/mailman/listinfo/xorg

The primary development code repository can be found at:

https://gitlab.freedesktop.org/xorg/xserver

For patch submission instructions, see:

https://www.x.org/wiki/Development/Documentation/SubmittingPatches

As with other projects hosted on freedesktop.org, X.Org follows its Code of Conduct, based on the Contributor Covenant. Please conduct yourself in a respectful and civilized manner when using the above mailing lists, bug trackers, etc:

https://www.freedesktop.org/wiki/CodeOfConduct