| Age | Commit message (Collapse) | Author |
|---|
|
_XiCheckExtInit unlocks the display if it fails and returns -1. Most callers
account for it properly, but few didn't.
Signed-off-by: Michal Srb <msrb@suse.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
First: check for allocation failure on the mask.
XI2 requires that the mask is zeroed, so we can't just Data() the mask
provided by the client (it will pad) - we need a tmp buffer. Make sure that
doesn't fail.
Second:
req->mask_len is a uint16_t, so check against malicious mask_lens that would
cause us to corrupt memory on copy, as the code always allocates
req->mask_len * 4, but copies mask->mask_len bytes.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
If the number of events or masks reported by the server is large enough
that it overflows when multiplied by the size of the appropriate struct,
or the sizes overflow as they are totaled up, then memory corruption can
occur when more bytes are copied from the X server reply than the size
of the buffer we allocated to hold them.
v2: check that reply size fits inside the data read from the server,
so that we don't read out of bounds either
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Unpacking from the wire involves un-interleaving the structs & masks,
which wasn't obvious to me the first time I read it, so make notes
before I forget again.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Use Data() to send the struct xXIEventMask on the wire instead of
Data32() which expects a pointer to a 64bits value on LP64
architectures.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Each XI2 call should check _XiCheckExtInit for XI version 2.0 or higher.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
|
|
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
XISelectEvents and XIGetSelectedEvents were not unlocking display in all
return paths.
Reported-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Pauli Nieminen <ext-pauli.nieminen@nokia.com>
|
|
mask_in was leaking for every successfull XIGetSelectedEvents.
Signed-off-by: Pauli Nieminen <ext-pauli.nieminen@nokia.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
If a client issues an XI2 request against a non-XI2 server it should
generate a BadRequest error from the server.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
|
|
|
|
|
|
|
|
|
