Accepting request 823797 from X11:XOrg

- U_FixForZDI-11426.patch * Leak of uninitialized heap memory form the X server to clients on pixmap allocation (ZDI-CAN-11426, CVE-2020-14347, bsc#1174633) OBS-URL: https://build.opensuse.org/request/show/823797 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xorg-x11-server?expand=0&rev=384
2020-08-05 18:26:01 +00:00 · 2020-08-05 18:26:01 +00:00 · 85b81afdc5
commit 85b81afdc5
parent ed2b644128 d7e8d0e628
3 changed files with 34 additions and 0 deletions
--- a/U_FixForZDI-11426.patch
+++ b/U_FixForZDI-11426.patch
@ -0,0 +1,23 @@
+Avoid leaking un-initalized memory to clients by zeroing the
+whole pixmap on initial allocation.
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+---
+ dix/pixmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/dix/pixmap.c b/dix/pixmap.c
+index 1186d7dbb..5a0146bbb 100644
+--- a/dix/pixmap.c
+++ b/dix/pixmap.c
+@@ -116,7 +116,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
+     if (pScreen->totalPixmapSize > ((size_t) - 1) - pixDataSize)
+         return NullPixmap;
+ 
+-    pPixmap = malloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = calloc(1, pScreen->totalPixmapSize + pixDataSize);
+     if (!pPixmap)
+         return NullPixmap;
--- a/xorg-x11-server.changes
+++ b/xorg-x11-server.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jul 31 19:54:05 UTC 2020 - Stefan Dirsch <sndirsch@suse.com>
+
+- U_FixForZDI-11426.patch
+  *  Leak of uninitialized heap memory form the X server to clients
+     on pixmap allocation (ZDI-CAN-11426, CVE-2020-14347, bsc#1174633)
+
 -------------------------------------------------------------------
 Tue Jun 30 16:48:06 UTC 2020 - Stefan Dirsch <sndirsch@suse.com>

--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@ -250,6 +250,8 @@ Patch1505:      U_xwayland-Allow-passing-a-fd.patch

 Patch1600:      U_glamor_egl-Reject-OpenGL-2.1-early-on.patch

+Patch1174633:   U_FixForZDI-11426.patch
+
 %description
 This package contains the X.Org Server.

@ -399,6 +401,8 @@ sh %{SOURCE92} --verify . %{SOURCE91}
 %patch1505 -p1
 %patch1600 -p1

+%patch1174633 -p1
+
 %build
 %define _lto_cflags %{nil}
 test -e source-file-list || \