aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs/Xserver/os
Commit message (Collapse)AuthorAgeFilesLines
* dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]Alan Coopersmith2015-02-161-0/+6
| | | | | | | | | | | | | | | | | | | | | GetHosts() iterates over all the hosts it has in memory, and copies them to a buffer. The buffer length is calculated by iterating over all the hosts and adding up all of their combined length. There is a potential integer overflow, if there are lots and lots of hosts (with a combined length of > ~4 gig). This should be possible by repeatedly calling ProcChangeHosts() on 64bit machines with enough memory. This patch caps the list at 1mb, because multi-megabyte hostname lists for X access control are insane. v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: human-readable version of "1 MB" (Mihai Moldovan) Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/access.c
* Revert "dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]"Mihai Moldovan2015-02-161-6/+0
| | | | This reverts commit d4c76981f7fddb364166464c571ed8d3de3086cd.
* dix: integer overflow in GetHosts() [CVE-2014-8092 2/4]Alan Coopersmith2015-02-141-0/+6
| | | | | | | | | | | | | | | | | | | | GetHosts() iterates over all the hosts it has in memory, and copies them to a buffer. The buffer length is calculated by iterating over all the hosts and adding up all of their combined length. There is a potential integer overflow, if there are lots and lots of hosts (with a combined length of > ~4 gig). This should be possible by repeatedly calling ProcChangeHosts() on 64bit machines with enough memory. This patch caps the list at 1mb, because multi-megabyte hostname lists for X access control are insane. v2: backport to nx-libs 3.6.x (Mike DePaulo) Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/access.c
* unchecked malloc may allow unauthed client to crash Xserver [CVE-2014-8091]Alan Coopersmith2015-02-141-0/+4
| | | | | | | | | | | | | | | | | | authdes_ezdecode() calls malloc() using a length provided by the connection handshake sent by a newly connected client in order to authenticate to the server, so should be treated as untrusted. It didn't check if malloc() failed before writing to the newly allocated buffer, so could lead to a server crash if the server fails to allocate memory (up to UINT16_MAX bytes, since the len field is a CARD16 in the X protocol). Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Conflicts: os/rpcauth.c
* Fix CVE-2011-4028: File disclosure vulnerability. upstream xorg/xserver ↵Mike DePaulo2015-02-141-1/+1
| | | | | | | | commit 6ba44b91e37622ef8c146d8f2ac92d708a18ed34 use O_NOFOLLOW to open the existing lock file, so symbolic links aren't followed, thus avoid revealing if it point to an existing file.
* Unbrand NX Agent Startup Screen / Brand X2Go Agent Startup Screen ↵Oleksandr Shneyder2015-02-131-1/+13
| | | | | | | | | | (999_nxagent_unbrand-nxagent-brand-x2goagent.full.patch). When launched with NX Agent flavour, the startup screen gets unbranded by this patch (the !M logo does not get shown). When launched with X2Go Agent flavour, the startup screen gets branded with the X2GO logo.
* Be compliant with POS36-C: Observe correct revocation order while ↵Orion Poplawski2015-02-131-0/+7
| | | | | | | | | | | | | | | | relinquishing privileges (602_nx-X11_initgroups.full.patch). The Fedora review of NX (redistributed) caught the following rpmlint issue: This executable is calling setuid and setgid without setgroups or initgroups. There is a high probability this mean it didn't relinquish all groups, and this would be a potential security issue to be fixed. Seek POS36-C on the web for details about the problem. Ref POS36-C: https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges This patch adds initgroups() calls to the code to initialize the supplemental group list.
* FHS path fix for rgb fileMarcelo Boveto Shima2015-02-101-1/+1
| | | | | | | This patch is needed on Debian only, not reporting this path addition to upstream. Patch was modified by Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
* Fix -Werror=format-security errors ↵Orion Poplawski2015-02-091-2/+2
| | | | | | | | (056_nx-X11_Werror-format-security.full.patch). The below patch fixes more -Werror=format-security errors. Interestingly, most of the errors only showed up on our arm builds. No idea why.
* drop .original files from the current code baseMike Gabriel2015-02-0218-16364/+0
|
* Revert "release 3.5.0.19"Mike Gabriel2013-03-281-1/+1
| | | | This reverts commit e77bf36d9afbc7e56522574b06217d57c11dd095.
* release 3.5.0.19Mike Gabriel2013-03-281-1/+1
|
* Imported nx-X11-3.5.0-1.tar.gznx-X11/3.5.0-1Reinhard Tartler2011-10-1010-10/+10
| | | | | | | | Summary: Imported nx-X11-3.5.0-1.tar.gz Keywords: Imported nx-X11-3.5.0-1.tar.gz into Git repository
* Imported nx-X11-3.4.0-3.tar.gznx-X11/3.4.0-3Reinhard Tartler2011-10-1012-12/+12
| | | | | | | | Summary: Imported nx-X11-3.4.0-3.tar.gz Keywords: Imported nx-X11-3.4.0-3.tar.gz into Git repository
* Imported nx-X11-3.4.0-1.tar.gznx-X11/3.4.0-1Reinhard Tartler2011-10-1010-20/+20
| | | | | | | | Summary: Imported nx-X11-3.4.0-1.tar.gz Keywords: Imported nx-X11-3.4.0-1.tar.gz into Git repository
* Imported nx-X11-3.3.0-7.tar.gznx-X11/3.3.0-7Reinhard Tartler2011-10-102-2/+2
| | | | | | | | Summary: Imported nx-X11-3.3.0-7.tar.gz Keywords: Imported nx-X11-3.3.0-7.tar.gz into Git repository
* Imported nx-X11-3.3.0-6.tar.gznx-X11/3.3.0-6Reinhard Tartler2011-10-103-0/+326
| | | | | | | | Summary: Imported nx-X11-3.3.0-6.tar.gz Keywords: Imported nx-X11-3.3.0-6.tar.gz into Git repository
* Imported nx-X11-3.3.0-5.tar.gznx-X11/3.3.0-5Reinhard Tartler2011-10-102-0/+26
| | | | | | | | Summary: Imported nx-X11-3.3.0-5.tar.gz Keywords: Imported nx-X11-3.3.0-5.tar.gz into Git repository
* Imported nx-X11-3.1.0-1.tar.gznx-X11/3.1.0-1Reinhard Tartler2011-10-1036-0/+32336
Summary: Imported nx-X11-3.1.0-1.tar.gz Keywords: Imported nx-X11-3.1.0-1.tar.gz into Git repository