Your message dated Thu, 20 Aug 2009 01:32:18 +0000
with message-id <e1mdwvm-0004gu...@ries.debian.org>
and subject line Bug#539699: fixed in xscreensaver 5.05-3+nmu1
has caused the Debian Bug report #539699,
regarding xscreensaver: unlocked because killed, infinite loop with small screen
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
539699: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539699
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xscreensaver
Version: 5.05-3
Severity: grave
Tags: security patch
Justification: user security hole


Reproduce by setting a narrow X resolution, in this case I was running
Xnest at 410x384, type something to get the password dialog, but it
never comes up.  xscreensaver goes into an infinite loop eating
memory, and the one time I let it run, the Linux kernel out of memory
detector killed xscreensaver unlocking the X server.  That's why I
marked this with the security tags.

Does any hardware and X software automatically pick up and use newly
plugged in displays?  If so, it might be exploited by plugging in a
custom display device with a small screen, using this exploit to
kill the screen saver and get access to the system, then restarting
xscreensaver to make detection more difficult.

The problem is that when mlstring_wrap detects a space, it will copy
the whitespace onto a new line and then truncate the original string
for the current line.  If in the next iteration the line is still too
long, and the current whitespace character is the first one
encountered, it is in an infinite loop finding the same whitespace
character.

In my case line_length is 5, and the string is
"Please enter your password."

This patch will leave the whitespace in the previous line so it can't
be found the next iteration.  It will also make the previous line too
wide, but only the whitespace would be over the border.

On a side note it might be a good idea to always put the logo on the
right side, or put it on the right side when the width is too small.
With the patch at 410 pixels wide the logo takes up almost all of the
screen and the text is just visible at the right side.

diff --git a/driver/mlstring.c b/driver/mlstring.c
index d6df844..a850890 100644
--- a/driver/mlstring.c
+++ b/driver/mlstring.c
@@ -153,6 +153,8 @@ mlstring_wrap(mlstring *mstring, XFontStruct *font, 
Dimension width)
          
          if (wrap_at == -1) /* No space found, hard wrap */
            wrap_at = line_length;
+         else
+           wrap_at++; /* Leave the space at the end of the line. */
 
          newml = calloc(1, sizeof(*newml));
          if (!newml) /* OOM, don't bother trying to wrap */
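
Review bot: the new else branch guarantees forward progress only for the soft-wrap case; the hard-wrap branch just above it still sets `wrap_at = line_length;`, so if line_length can be 0 for a width narrower than one character, the split would again land at offset 0 and the loop would not advance. Please confirm that line_length is clamped to at least 1 before this point, or add that clamp here. The comment on `wrap_at++` could also say that the retained space may push the line one character past the requested width, as the report notes.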


-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i586)

Kernel: Linux 2.6.29-rc3
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages xscreensaver depends on:
ii  libatk1.0-0             1.22.0-1         The ATK accessibility toolkit
ii  libc6                   2.7-18           GNU C Library: Shared libraries
ii  libcairo2               1.6.4-7          The Cairo 2D vector graphics libra
ii  libglade2-0             1:2.6.2-1        library to load .glade files at ru
ii  libglib2.0-0            2.16.6-2         The GLib library of C routines
ii  libgtk2.0-0             2.12.12-1~lenny1 The GTK+ graphical user interface 
ii  libice6                 2:1.0.4-1        X11 Inter-Client Exchange library
ii  libpam0g                1.0.1-5+lenny1   Pluggable Authentication Modules l
ii  libpango1.0-0           1.20.5-5         Layout and rendering of internatio
ii  libsm6                  2:1.0.3-2        X11 Session Management library
ii  libx11-6                2:1.1.5-2        X11 client-side library
ii  libxext6                2:1.0.4-1        X11 miscellaneous extension librar
ii  libxinerama1            2:1.0.3-2        X11 Xinerama extension library
ii  libxml2                 2.6.32.dfsg-5    GNOME XML library
ii  libxmu6                 2:1.0.4-1        X11 miscellaneous utility library
ii  libxpm4                 1:3.5.7-1        X11 pixmap library
ii  libxrandr2              2:1.2.3-1        X11 RandR extension library
ii  libxrender1             1:0.9.4-2        X Rendering Extension client libra
ii  libxt6                  1:1.0.5-3        X11 toolkit intrinsics library
ii  libxxf86misc1           1:1.0.1-3        X11 XFree86 miscellaneous extensio
ii  libxxf86vm1             1:1.0.2-1        X11 XFree86 video mode extension l
ii  xscreensaver-data       5.05-3           data files to be shared among scre

Versions of packages xscreensaver recommends:
ii  libjpeg-progs                 6b-14      Programs for manipulating JPEG fil
ii  perl [perl5]                  5.10.0-19  Larry Wall's Practical Extraction 
ii  wamerican [wordlist]          6-2.3      American English dictionary words 
pn  xli | xloadimage              <none>     (no description available)

Versions of packages xscreensaver suggests:
ii  fortune-mod [fortune]   1:1.99.1-3.1     provides fortune cookies on demand
ii  iceape-browser [www-bro 1.1.14-1         Iceape Navigator (Internet browser
ii  iceweasel [www-browser] 3.0.6-1          lightweight web browser based on M
ii  konqueror [www-browser] 4:3.5.9.dfsg.1-6 KDE's advanced file manager, web b
ii  lynx-cur [www-browser]  2.8.7dev9-2.1    Text-mode WWW Browser with NLS sup
ii  streamer                3.95.dfsg.1-8    television capture tool (images/mo
pn  xdaliclock              <none>           (no description available)
pn  xfishtank               <none>           (no description available)
pn  xscreensaver-gl         <none>           (no description available)

-- no debconf information



--- End Message ---
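
The loop behaviour described in the report above, as an added example that is not part of the original message or the xscreensaver source: a simplified model of the wrap loop for the reported case (line_length 5, "Please enter your password."), run with and without the patch's `wrap_at++`. The name `wrap_model`, fixed-width characters and the backwards search for a space are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the wrapping loop described in the report.
 * Assumptions: fixed-width characters, so line_length is a character
 * count, and the soft-wrap search runs backwards from line_length.
 * Returns the number of lines produced, or -1 when an iteration
 * splits at offset 0 (no progress: a real loop would spin and
 * allocate one more empty line each time round). */
int wrap_model(const char *text, int line_length, int leave_space)
{
    size_t pos = 0;
    int lines = 0;

    if (line_length < 1)
        return -1;              /* a hard wrap at 0 can never advance */

    while (strlen(text + pos) > (size_t)line_length) {
        const char *line = text + pos;
        int wrap_at;

        /* Soft wrap: look for whitespace at or before line_length. */
        for (wrap_at = line_length; wrap_at >= 0; --wrap_at)
            if (isspace((unsigned char)line[wrap_at]))
                break;

        if (wrap_at == -1)      /* no space found, hard wrap */
            wrap_at = line_length;
        else if (leave_space)   /* the patch: keep the space on this line */
            wrap_at++;

        if (wrap_at == 0)       /* next line would be the same string */
            return -1;

        pos += (size_t)wrap_at;
        lines++;
    }
    return lines + 1;           /* count the final, short-enough line */
}

int main(void)
{
    const char *msg = "Please enter your password.";
    printf("before patch: %d\n", wrap_model(msg, 5, 0));
    printf("after patch:  %d\n", wrap_model(msg, 5, 1));
    return 0;
}
```

Without the patch the third split lands on the leading space of " enter your password." at offset 0, which is the stall the report describes; with it the text wraps as "Pleas", "e ", "enter ", "your ", "passw", "ord.".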
--- Begin Message ---
Source: xscreensaver
Source-Version: 5.05-3+nmu1

We believe that the bug you reported is fixed in the latest version of
xscreensaver, which is due to be installed in the Debian FTP archive:

xscreensaver-data-extra_5.05-3+nmu1_i386.deb
  to pool/main/x/xscreensaver/xscreensaver-data-extra_5.05-3+nmu1_i386.deb
xscreensaver-data_5.05-3+nmu1_i386.deb
  to pool/main/x/xscreensaver/xscreensaver-data_5.05-3+nmu1_i386.deb
xscreensaver-gl-extra_5.05-3+nmu1_i386.deb
  to pool/main/x/xscreensaver/xscreensaver-gl-extra_5.05-3+nmu1_i386.deb
xscreensaver-gl_5.05-3+nmu1_i386.deb
  to pool/main/x/xscreensaver/xscreensaver-gl_5.05-3+nmu1_i386.deb
xscreensaver_5.05-3+nmu1.diff.gz
  to pool/main/x/xscreensaver/xscreensaver_5.05-3+nmu1.diff.gz
xscreensaver_5.05-3+nmu1.dsc
  to pool/main/x/xscreensaver/xscreensaver_5.05-3+nmu1.dsc
xscreensaver_5.05-3+nmu1_i386.deb
  to pool/main/x/xscreensaver/xscreensaver_5.05-3+nmu1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 539...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <michael.s.gilb...@gmail.com> (supplier of updated xscreensaver 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 19 Aug 2009 09:49:05 -0400
Source: xscreensaver
Binary: xscreensaver xscreensaver-data xscreensaver-data-extra xscreensaver-gl 
xscreensaver-gl-extra
Architecture: source i386
Version: 5.05-3+nmu1
Distribution: unstable
Urgency: low
Maintainer: Jose Luis Rivas <ghostba...@gmail.com>
Changed-By: Michael Gilbert <michael.s.gilb...@gmail.com>
Description: 
 xscreensaver - Automatic screensaver for X
 xscreensaver-data - data files to be shared among screensaver frontends
 xscreensaver-data-extra - data files to be shared among screensaver frontends
 xscreensaver-gl - GL(Mesa) screen hacks for xscreensaver
 xscreensaver-gl-extra - GL(Mesa) screen hacks for xscreensaver
Closes: 539699
Changes: 
 xscreensaver (5.05-3+nmu1) unstable; urgency=low
 .
   * Non-maintainer upload by the security team.
   * Fix local screen lock bypass vulnerability (closes: #539699).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqMppMACgkQ62zWxYk/rQcZlgCeNMh3SF10vk4ZYVSLYTh4tW6z
jTAAoJuWh4sJyJKbQ0RXuOQwbBEHSSgm
=pgqT
-----END PGP SIGNATURE-----



--- End Message ---
