Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
xscreensaver
0001-Fix-updating-outputs-info-v2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Fix-updating-outputs-info-v2.patch of Package xscreensaver
From bf96212d0102c5c41cce8c2f05d55db286001702 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= <marmarek@invisiblethingslab.com> Date: Sun, 27 Jun 2021 16:17:15 +0200 Subject: [PATCH] Fix updating outputs info (v2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Organization: Invisible Things Lab Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> When an output is disconnected, update_screen_layout() will try to unset a property on window assigned to that output. It does that by iterating si->screens up to 'count', while 'good_count' signifies how many outputs are currently connected (good_count <= count). si->screens has few more entries allocated (at start 10), but if there are more disconnected outputs, the iteration will go beyond si->screens array. The only out of bound access there is reading window ID to delete property from, which in most cases will be a bogus number -> crashing xscreensaver with BadWindow error. Fix this by allocating array up to full 'count' entries, even if much fewer outputs are connected at the moment. The same code has another vulnerability. When the si->screens is reallocated when more outputs appears, the newly allocated part is then initialized with zeros (via memset() call). But it does memset() not only on the newly allocated area, but also previously unused area. That "unused" area could in fact be used earlier and some other structures may point at it. One such place is password_dialog_data->prompt_screen, used by PAM. If it points at a screen that is reset by the memset() call, the xscreensaver process will crash at the earliest PAM callback. Fix this by really resetting only the newly allocated area. Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> --- driver/screens.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/driver/screens.c b/driver/screens.c index 5aeb55d5..ed43a8d9 100644 --- a/driver/screens.c +++ b/driver/screens.c @@ -1020,13 +1020,13 @@ update_screen_layout (saver_info *si) calloc (sizeof(*si->screens), si->ssi_count); } - if (si->ssi_count <= good_count) + if (si->ssi_count <= count) { - si->ssi_count = good_count + 10; si->screens = (saver_screen_info *) - realloc (si->screens, sizeof(*si->screens) * si->ssi_count); - memset (si->screens + si->nscreens, 0, - sizeof(*si->screens) * (si->ssi_count - si->nscreens)); + realloc (si->screens, sizeof(*si->screens) * count); + memset (si->screens + si->ssi_count, 0, + sizeof(*si->screens) * (count - si->ssi_count)); + si->ssi_count = count; } if (! si->screens) abort(); -- 2.31.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor