XLibre/xserver
1
1
Fork 0
mirror of https://github.com/X11Libre/xserver.git synced 2026-03-24 01:34:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a1e44d3c4ff997772c695c578286e2735e17f445
xserver/xfixes
History
Olivier Fourdan a1e44d3c4f xfixes: Check request length for SetClientDisconnectMode 
The handler of XFixesSetClientDisconnectMode does not check the client
request length.

A client could send a shorter request and read data from a former
request.

Fix the issue by checking the request size matches.

CVE-2025-49177

This issue was discovered by Nils Emmerich <nemmerich@ernw.de> and
reported by Julian Suleder via ERNW Vulnerability Disclosure.

Fixes: e167299f6 - xfixes: Add ClientDisconnectMode
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2024>
2025-06-17 20:01:25 +02:00
..
cursor.c
xfixes: XFixesSelectCursorInput() use calloc()
2025-06-12 17:21:44 +02:00
disconnect.c
xfixes: Check request length for SetClientDisconnectMode
2025-06-17 20:01:25 +02:00
meson.build
xfixes: Add ClientDisconnectMode
2021-06-07 17:28:05 +02:00
region.c
dix: clean up MakeWindowOptional() calls and add alloc fault checks
2025-06-12 17:21:48 +02:00
saveset.c
xfixes: simplify dispatcher
2025-06-12 17:21:44 +02:00
select.c
dix: add selection filtering hooks
2025-06-12 17:21:48 +02:00
xfixes.c
miext: move over extinit_priv.h from include
2025-06-12 17:21:46 +02:00
xfixes.h
xfixes: Unexport xfixes.h
2015-07-08 16:40:58 -04:00
xfixesint.h
dix: move over private defintions from selection.h to private header
2025-06-12 17:21:46 +02:00