Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[xsrc/netbsd-9]: xsrc/external/mit Pull up following revision(s) (requested b...

details:   https://anonhg.NetBSD.org/xsrc/rev/7f120d4ea70b
branches:  netbsd-9
changeset: 10529:7f120d4ea70b
user:      martin <martin%NetBSD.org@localhost>
date:      Sun Aug 02 09:01:43 2020 +0000

description:
Pull up following revision(s) (requested by maya in ticket #1033):

        xsrc/external/mit/xorg-server/dist/dix/pixmap.c: revision 1.2
        xsrc/external/mit/xorg-server.old/dist/dix/pixmap.c: revision 1.2

Backport the only patch from xorg-server 1.20.9 as I can't find a tarball.

>From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu%herrb.eu@localhost>
Date: Sat, 25 Jul 2020 19:33:50 +0200
Subject: [PATCH] fix for ZDI-11426

Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <matthieu%herrb.eu@localhost>
Reviewed-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>

diffstat:

 external/mit/xorg-server.old/dist/dix/pixmap.c |  2 +-
 external/mit/xorg-server/dist/dix/pixmap.c     |  2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diffs (24 lines):

diff -r 04df9d4e24bd -r 7f120d4ea70b external/mit/xorg-server.old/dist/dix/pixmap.c
--- a/external/mit/xorg-server.old/dist/dix/pixmap.c    Sun Jul 26 10:56:19 2020 +0000
+++ b/external/mit/xorg-server.old/dist/dix/pixmap.c    Sun Aug 02 09:01:43 2020 +0000
@@ -120,7 +120,7 @@
     if (pScreen->totalPixmapSize > ((size_t)-1) - pixDataSize)
        return NullPixmap;
     
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
        return NullPixmap;
 
diff -r 04df9d4e24bd -r 7f120d4ea70b external/mit/xorg-server/dist/dix/pixmap.c
--- a/external/mit/xorg-server/dist/dix/pixmap.c        Sun Jul 26 10:56:19 2020 +0000
+++ b/external/mit/xorg-server/dist/dix/pixmap.c        Sun Aug 02 09:01:43 2020 +0000
@@ -116,7 +116,7 @@
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
         return NullPixmap;
 
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
         return NullPixmap;
Home | Main Index | Thread Index | Old Index