| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GetHosts() iterates over all the hosts it has in memory, and copies
them to a buffer. The buffer length is calculated by iterating over
all the hosts and adding up all of their combined length. There is a
potential integer overflow, if there are lots and lots of hosts (with
a combined length of > ~4 gig). This should be possible by repeatedly
calling ProcChangeHosts() on 64bit machines with enough memory.
This patch caps the list at 1mb, because multi-megabyte hostname
lists for X access control are insane.
v2: backport to nx-libs 3.6.x (Mike DePaulo)
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
os/access.c
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
authdes_ezdecode() calls malloc() using a length provided by the
connection handshake sent by a newly connected client in order
to authenticate to the server, so should be treated as untrusted.
It didn't check if malloc() failed before writing to the newly
allocated buffer, so could lead to a server crash if the server
fails to allocate memory (up to UINT16_MAX bytes, since the len
field is a CARD16 in the X protocol).
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Conflicts:
os/rpcauth.c
|
|
|
|
|
|
|
|
| |
commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file.
|
|
|
|
|
|
|
|
|
|
| |
(999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch).
When launched with NX Agent flavour, the startup screen gets unbranded by
this patch (the !M logo does not get shown).
When launched with X2Go Agent flavour, the startup screen gets branded
with the X2GO logo.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
relinquishing privileges (602_nx-X11_initgroups.full.patch).
The Fedora review of NX (redistributed) caught the following rpmlint issue:
This executable is calling setuid and setgid without setgroups or initgroups.
There is a high probability this mean it didn't relinquish all groups, and this
would be a potential security issue to be fixed. Seek POS36-C on the web for
details about the problem.
Ref POS36-C:
https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
This patch adds initgroups() calls to the code to initialize the supplemental group list.
|
|
|
|
|
|
|
| |
This patch is needed on Debian only, not reporting this path
addition to upstream.
Patch was modified by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
|
|
|
|
|
|
|
|
| |
(056_nx-X11_Werror-format-security.full.patch).
The below patch fixes more -Werror=format-security errors.
Interestingly, most of the errors only showed up on our arm builds. No
idea why.
|
| |
|
|
|
|
| |
This reverts commit e77bf36d9afbc7e56522574b06217d57c11dd095.
|
| |
|
|
|
|
|
|
|
|
| |
Summary: Imported nx-X11-3.5.0-1.tar.gz
Keywords:
Imported nx-X11-3.5.0-1.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nx-X11-3.4.0-3.tar.gz
Keywords:
Imported nx-X11-3.4.0-3.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nx-X11-3.4.0-1.tar.gz
Keywords:
Imported nx-X11-3.4.0-1.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nx-X11-3.3.0-7.tar.gz
Keywords:
Imported nx-X11-3.3.0-7.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nx-X11-3.3.0-6.tar.gz
Keywords:
Imported nx-X11-3.3.0-6.tar.gz
into Git repository
|
|
|
|
|
|
|
|
| |
Summary: Imported nx-X11-3.3.0-5.tar.gz
Keywords:
Imported nx-X11-3.3.0-5.tar.gz
into Git repository
|
|
Summary: Imported nx-X11-3.1.0-1.tar.gz
Keywords:
Imported nx-X11-3.1.0-1.tar.gz
into Git repository
|