Diffstat (limited to 'net-misc/x11rdp/files/xorg-server-1.9-cve-2013-1940.patch')
-rw-r--r-- | net-misc/x11rdp/files/xorg-server-1.9-cve-2013-1940.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/net-misc/x11rdp/files/xorg-server-1.9-cve-2013-1940.patch b/net-misc/x11rdp/files/xorg-server-1.9-cve-2013-1940.patch
new file mode 100644
index 000000000000..f06b923f3d92
--- /dev/null
+++ b/net-misc/x11rdp/files/xorg-server-1.9-cve-2013-1940.patch
@@ -0,0 +1,31 @@
+From 6ca03b9161d33b1d2b55a3a1a913cf88deb2343f Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@gmail.com>
+Date: Wed, 10 Apr 2013 06:09:01 +0000
+Subject: xf86: fix flush input to work with Linux evdev devices.
+
+So when we VT switch back and attempt to flush the input devices,
+we don't succeed because evdev won't return part of an event,
+since we were only asking for 4 bytes, we'd only get -EINVAL back.
+
+This could later cause events to be flushed that we shouldn't have
+gotten.
+
+This is a fix for CVE-2013-1940.
+
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
+
+diff -ur a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
+--- a/hw/xfree86/os-support/shared/posix_tty.c 2010-06-11 08:10:22.000000000 +0200
++++ b/hw/xfree86/os-support/shared/posix_tty.c 2013-04-17 22:49:20.389795964 +0200
+@@ -460,7 +460,8 @@
+ {
+ fd_set fds;
+ struct timeval timeout;
+- char c[4];
++ /* this needs to be big enough to flush an evdev event. */
++ char c[256];
+
+ DebugF("FlushingSerial\n");
+ if (tcflush(fd, TCIFLUSH) == 0) |
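Review bot: The new size in `char c[256];` is a bare constant, and the comment beside it does not say what the lower bound actually is. The commit message gives the reason (evdev will not return part of an event, so a 4-byte request only got -EINVAL back), and I would record that at the declaration, e.g. `/* evdev fails a read shorter than one whole input event with EINVAL, so a too-small buffer never drains the queue */`. The function body continues past the end of the hunk, so the read that fills `c` is not visible here. The fix only takes effect if that call sizes its request from the array (`sizeof(c)`) rather than from a literal 4, which is worth confirming against the 1.9 tree this backport is applied to.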