| Summary: | Probable of by one buffer overflow in .../xorgconfig/xorgconfig.c | ||||||
|---|---|---|---|---|---|---|---|
| Product: | xorg | Reporter: | Roland "Test-tools" Bär <roland> | ||||
| Component: | Server/General | Assignee: | Xorg Project Team <xorg-team> | ||||
| Status: | RESOLVED FIXED | QA Contact: | Xorg Project Team <xorg-team> | ||||
| Severity: | normal | ||||||
| Priority: | low | Keywords: | janitor, patch | ||||
| Version: | git | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| i915 platform: | i915 features: | ||||||
| Attachments: |
|
||||||
Created attachment 11005 [details] [review] trivial patch for hw/xfree86/utils/xorgconfig/xorgconfig.c Fix committed to Xorg head for upcoming Xorg-server 1.4 release - thanks! commit f6aa2200f2fb4f4d4bb51e67d68e86aabcac0c4b Author: Roland "Test-tools" Bär <roland@verifysoft.de> Date: Mon Aug 6 12:37:52 2007 -0700 Probable off by one buffer overflow in .../xorgconfig/xorgconfig.c X.Org Bug #11858 <http://bugs.freedesktop.org/show_bug.cgi?id=11858> Patch #11005 <http://bugs.freedesktop.org/attachment.cgi?id=11005> |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
In xorgconfig.c around line 2444 if (len > sizeof(cur)) continue; strncpy(cur, thisdir, len); cur[len] = '\0'; border case, len==sizeof(cur) the following null terminating code will overrun by one. Please apply attached patch ...