[Wayland-bugs] [Bug 751414] New: File descriptor leak in gdk_wayland_selection_request_target()
gtk+ (GNOME Bugzilla)
bugzilla at gnome.org
Tue Jun 23 15:16:19 PDT 2015
https://bugzilla.gnome.org/show_bug.cgi?id=751414
Bug ID: 751414
Summary: File descriptor leak in
gdk_wayland_selection_request_target()
Classification: Platform
Product: gtk+
Version: 3.16.x
OS: Linux
Status: NEW
Severity: normal
Priority: Normal
Component: Backend: Wayland
Assignee: gtk-bugs at gtk.org
Reporter: mcatanzaro at gnome.org
QA Contact: gtk-bugs at gtk.org
CC: rob at robster.org.uk, wayland-bugs at lists.freedesktop.org
GNOME version: ---
I discovered that gdk_wayland_selection_request_target() does not close()
wayland_selection->stored_selection.fd before assigning a new fd to it. A
malicious Wayland client can trick a user into dragging data to it from a GTK+
app, and then cause the GTK+ app to leak an arbitrary number of file
descriptors up to its limit by calling wl_data_offer_receive() in a loop. This
probably also work against any GTK+ app that has placed data in the clipboard,
though I didn't test that.
I'll attach the trivial fix.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/wayland-bugs/attachments/20150623/01181fed/attachment.html>
More information about the wayland-bugs
mailing list