frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xserver/xfixes
History
Olivier Fourdan a1e44d3c4f xfixes: Check request length for SetClientDisconnectMode 
The handler of XFixesSetClientDisconnectMode does not check the client
request length.

A client could send a shorter request and read data from a former
request.

Fix the issue by checking the request size matches.

CVE-2025-49177

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Fixes: e167299f6 - xfixes: Add ClientDisconnectMode
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
 		2025-06-17 20:01:25 +02:00
..
cursor.c xfixes: XFixesSelectCursorInput() use calloc() 2025-06-12 17:21:44 +02:00
disconnect.c xfixes: Check request length for SetClientDisconnectMode 2025-06-17 20:01:25 +02:00
meson.build xfixes: Add ClientDisconnectMode 2021-06-07 17:28:05 +02:00
region.c dix: clean up MakeWindowOptional() calls and add alloc fault checks 2025-06-12 17:21:48 +02:00
saveset.c xfixes: simplify dispatcher 2025-06-12 17:21:44 +02:00
select.c dix: add selection filtering hooks 2025-06-12 17:21:48 +02:00
xfixes.c miext: move over extinit_priv.h from include 2025-06-12 17:21:46 +02:00
xfixes.h xfixes: Unexport xfixes.h 2015-07-08 16:40:58 -04:00
xfixesint.h dix: move over private defintions from selection.h to private header 2025-06-12 17:21:46 +02:00