CVS commit: [netbsd-8] xsrc/external/mit

Martin Husemann Sun, 02 Aug 2020 02:10:07 -0700

Module Name:    xsrc
Committed By:   martin
Date:           Sun Aug  2 09:09:39 UTC 2020


Modified Files:
        xsrc/external/mit/xorg-server.old/dist/dix [netbsd-8]: pixmap.c
        xsrc/external/mit/xorg-server/dist/dix [netbsd-8]: pixmap.c

Log Message:
Pull up following revision(s) (requested by maya in ticket #1582):

        xsrc/external/mit/xorg-server/dist/dix/pixmap.c: revision 1.2
        xsrc/external/mit/xorg-server.old/dist/dix/pixmap.c: revision 1.2

Backport the only patch from xorg-server 1.20.9 as I can't find a tarball.

>From aac28e162e5108510065ad4c323affd6deffd816 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu%herrb.eu@localhost>
Date: Sat, 25 Jul 2020 19:33:50 +0200
Subject: [PATCH] fix for ZDI-11426

Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <matthieu%herrb.eu@localhost>
Reviewed-by: Alan Coopersmith <alan.coopersmith%oracle.com@localhost>


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \
    xsrc/external/mit/xorg-server.old/dist/dix/pixmap.c
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
    xsrc/external/mit/xorg-server/dist/dix/pixmap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server.old/dist/dix/pixmap.c
diff -u xsrc/external/mit/xorg-server.old/dist/dix/pixmap.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/dix/pixmap.c:1.1.1.1.2.1
--- xsrc/external/mit/xorg-server.old/dist/dix/pixmap.c:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/dix/pixmap.c	Sun Aug  2 09:09:39 2020
@@ -120,7 +120,7 @@ AllocatePixmap(ScreenPtr pScreen, int pi
     if (pScreen->totalPixmapSize > ((size_t)-1) - pixDataSize)
 	return NullPixmap;
     
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
 	return NullPixmap;
 

Index: xsrc/external/mit/xorg-server/dist/dix/pixmap.c
diff -u xsrc/external/mit/xorg-server/dist/dix/pixmap.c:1.1.1.4 xsrc/external/mit/xorg-server/dist/dix/pixmap.c:1.1.1.4.2.1
--- xsrc/external/mit/xorg-server/dist/dix/pixmap.c:1.1.1.4	Wed Aug 10 07:44:31 2016
+++ xsrc/external/mit/xorg-server/dist/dix/pixmap.c	Sun Aug  2 09:09:39 2020
@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pi
     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
         return NullPixmap;
 
-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
         return NullPixmap;

CVS commit: [netbsd-8] xsrc/external/mit

Reply via email to