
Potential fix for code scanning alert no. 1935: Unbounded write#26

Open
HaplessIdiot wants to merge 438 commits into master from alert-autofix-1935

Conversation

@HaplessIdiot

Contributor

Potential fix for https://github.com/supersonic-xserver/ssX/security/code-scanning/1935

In general, to fix unbounded write issues like this, every copy into a heap or stack buffer must be limited by the known size of that buffer, and the destination must always be null-terminated. For string copies, this means replacing strcpy with strncpy or, more robustly, snprintf/strlcpy-style calls that take the buffer size as an argument. The size used must be the same or smaller than what was used when allocating or defining the buffer.

For this specific instance in programs/xdm/auth.c in MakeServerAuthFile, we already allocate d->authFile with malloc(len) where len was computed as strlen(d->clientAuthFile) + 1 when d->clientAuthFile is used. The simplest safe fix is to copy at most len - 1 bytes and explicitly null-terminate. We can do this with strncpy(d->authFile, d->clientAuthFile, len - 1); d->authFile[len - 1] = '\0';. This preserves behavior (the entire string is copied, because len - 1 equals strlen(d->clientAuthFile) here) but makes the sink safe even if the allocation logic is modified later or if len is computed differently. No new headers are needed because <string.h> is already indirectly available in this codebase; if it were not, we would add it.

Concretely:

  • In programs/xdm/auth.c, within MakeServerAuthFile, replace the strcpy (d->authFile, d->clientAuthFile); line with a bounded copy using strncpy and forced null-termination, using the existing len variable.
  • No other files/snippets need modification to address this particular strcpy sink; the taint-analysis chain through the other files is only to justify untrusted input, not to be changed for this fix.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
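The pattern the description proposes, written out as an added stand-alone example (this is not code from the PR, from programs/xdm/auth.c, or from the xserver project; bounded_copy, make_auth_file, copy_into_small_buffer and the sample path strings are hypothetical names and constructed inputs). It shows the two things a reviewer should check when a strcpy sink is replaced with strncpy: the destination is always NUL-terminated, and a source that does not fit is truncated and reported rather than written past the end of the buffer. The second helper mirrors the auth.c situation, where len is derived from the source length so the bounded copy produces exactly the same bytes as strcpy did; the third shows the case the bound actually protects against.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bounded copy following the fix pattern in the PR description:
 * copy at most dstlen - 1 bytes with strncpy, then force the terminator.
 * Returns 1 if the whole source fit, 0 if it was truncated, so a caller can
 * refuse a shortened path instead of silently using it. */
int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    if (dst == NULL || src == NULL || dstlen == 0)
        return 0;
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';
    return strlen(src) < dstlen;
}

/* Hypothetical stand-in for the auth.c allocation: len is strlen(src) + 1,
 * exactly as the description states, so bounded_copy writes the same bytes
 * the old strcpy did. The bound only changes behaviour if len and the copy
 * ever disagree, which is the case the fix is defending against. */
char *make_auth_file(const char *clientAuthFile)
{
    size_t len = strlen(clientAuthFile) + 1;
    char *authFile = malloc(len);
    if (authFile == NULL)
        return NULL;
    if (!bounded_copy(authFile, len, clientAuthFile)) {
        free(authFile);
        return NULL;
    }
    return authFile;
}

/* The failure mode the bound protects against: a fixed buffer smaller than
 * the input. strcpy here would write past the end of `out`; the bounded
 * version stops at outlen - 1, terminates, and reports the truncation. */
int copy_into_small_buffer(char *out, size_t outlen)
{
    /* Constructed sample input, deliberately longer than a 16-byte buffer. */
    const char *longpath = "/var/run/xdm/authdir/authfiles/A:0-XXXXXX";
    return bounded_copy(out, outlen, longpath);
}

int main(void)
{
    char *a = make_auth_file("/tmp/serverauth.ABC123");
    printf("exact-size allocation: %s\n", a ? a : "(alloc failed)");
    free(a);

    char small[16];
    int fit = copy_into_small_buffer(small, sizeof small);
    printf("small buffer: \"%s\" (fit=%d)\n", small, fit);
    return 0;
}
```

Note that strncpy(dst, src, n) does not terminate when src is n bytes or longer, which is why the explicit dst[len - 1] = '\0' in the proposed fix is not optional; snprintf(dst, len, "%s", src) or strlcpy where available give the same guarantee in one call and also make truncation easy to detect.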

jmcneill and others added 30 commits February 9, 2020 11:40
…aki.

I've finally contacted Yamasaki-san and he kindly answered
"no objection to change them to 2 clause license" in private mail.
Diffs to be committed have also been confirmed by him.
We appreciate all his contribution to early NetBSD/x68k.
https://mail-index.netbsd.org/source-changes/2020/07/18/msg119473.html
> Use AllocDevicePair() to initialize input devices in InitInput().

Untested, but I'll re-visit on migrating to HAVE_XORG_SERVER_VER=120.
As per upstream commits for Xnest:
 https://cgit.freedesktop.org/xorg/xserver/commit/?id=67c303fff303f94b62f03a76de97116c6ebcfda9

Note GLXEXT is defined as 1 in xorg-server/include/xorg-server.h
(i.e. /usr/X11R7/include/xorg/xorg-server.h) so no proper way to
disable it on building MD servers per ${MACHINE} basis.
https://mail-index.netbsd.org/source-changes/2020/07/18/msg119488.html
> Fix 1bpp Xservers on "whitePixel=0, blackPixel=1" VRAMs.
>
> - Don't override pScreen->blackPixel and pScreen->whitePixel
>   (set in MD server Init functions per -filpPixels option)
>   on 1bpp servers in merged fbSetupScreen() (merged one
>   from cfbSetupScreen() and mfbSetupScreen() in old xsrc/xfree)
> - Pull mfbCreateColormap() function from old xsrc/xfree tree
>   and use it on 1bpp servers

Confirmed on luna68k 1bpp Xorg 1.20 server using xf86-video-wsfb
with "-flipPixels" option.
This is based on 1.10 version imported into xorg-server.old and
all upstream API changes between xorg-server 1.10 and 1.20 are
applied almost mechanically.
 https://github.com/tsutsui/xorg-server-Xsun/commits/xorg-server-1.20

Xsun and XsunMono servers are also confirmed working with bwtwo on
3/60 and tme, and cgtwo on tme. XKB stuff is still to be resolved.
Fixes build error on sparc64.  No binary change on sun3.
Now CapsLock and NumLock LEDs work correctly.
XXX: No ScrollLock LED
…ball.

From aac28e1 Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@herrb.eu>
Date: Sat, 25 Jul 2020 19:33:50 +0200
Subject: [PATCH] fix for ZDI-11426

Avoid leaking uninitialized memory to clients by zeroing the
whole pixmap on initial allocation.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
…tings.

Now all modifier keys (CTRL, SHIFT, and NumLock) work as expected.

It seems XkbApplyMappingChange() doesn't update some XKB modifier
settings even if new modmap data is specified.
HaplessIdiot and others added 28 commits March 14, 2026 11:35
Potential fix for code scanning alert no. 62: Non-constant format string
…pr-1780

Revert "glamor/glamor_egl.c: Check if at least one (format, modifier) pair is supported"
…pr-1780

Revert "glamor/glamor_egl.c: Check if at least one (format, modifier) pair is supported"
Make IgnoreABI configurable through config files
Unify intel video driver and evdev input inside source tree
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@HaplessIdiot HaplessIdiot marked this pull request as ready for review March 14, 2026 19:38