Overview

File u_Xext-shm-Validate-shmseg-resource-id.patch of Package xorg-x11-server.15942

Patch-mainline: To be upstreamed
Author: Michal Srb <msrb@suse.com>
Subject: Xext/shm: Validate shmseg resource id.
References: bnc#1052984 CVE-2017-13721

Otherwise it can belong to a non-existing client and abort X server with
FatalError "client not in use", or overwrite existing segment of another
existing client.
---
Please let me know if this does not belong to xorg-security. I don't want
to spam here, but I also don't want to risk sending a possible
vulnerability to public mailing list.


 Xext/shm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Xext/shm.c b/Xext/shm.c
index 91ea90b14..2f9a78808 100644
--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -1238,6 +1238,7 @@ ProcShmCreateSegment(ClientPtr client)
     };
 
     REQUEST_SIZE_MATCH(xShmCreateSegmentReq);
+    LEGAL_NEW_RESOURCE(stuff->shmseg, client);
     if ((stuff->readOnly != xTrue) && (stuff->readOnly != xFalse)) {
         client->errorValue = stuff->readOnly;
         return BadValue;
-- 
2.12.3
openSUSE Build Service is sponsored by
Places