[PATCH 4/5] os: fix use after free in EstablishNewConnections

Jeremy Huddleston jeremyhu at apple.com
Tue Apr 5 09:47:40 PDT 2011


Reviewed-by: Jeremy Huddleston <jeremyhu at apple.com>

On Apr 4, 2011, at 11:54 AM, Jeremy Huddleston wrote:

>> I just pushed them.
> 
> I'll cherry-pick this fix into stable once Keith adds it to master.
> 
> On Apr 4, 2011, at 10:54 AM, Tiago Vignatti wrote:
> 
>> In the case of failure on AllocNewConnection, new_trans_conn cannot be
>> dereferenced because it's already freed. Swapping the order of this logic fixes
>> the changes introduced in 04956b80431169e0ae713a3e6ba4cdc157ce3a66.
>> 
>> Signed-off-by: Tiago Vignatti <tiago.vignatti at nokia.com>
>> CC: Jeremy Huddleston <jeremyhu at freedesktop.org>
>> ---
>> os/connection.c |    7 +++----
>> 1 files changed, 3 insertions(+), 4 deletions(-)
>> 
>> diff --git a/os/connection.c b/os/connection.c
>> index 5580fab..0c580ab 100644
>> --- a/os/connection.c
>> +++ b/os/connection.c
>> @@ -852,15 +852,14 @@ EstablishNewConnections(ClientPtr clientUnused, pointer closure)
>> 
>> 	_XSERVTransSetOption(new_trans_conn, TRANS_NONBLOCKING, 1);
>> 
>> +	if(trans_conn->flags & TRANS_NOXAUTH)
>> +	    new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
>> +
>> 	if (!AllocNewConnection (new_trans_conn, newconn, connect_time))
>> 	{
>> 	    ErrorConnMax(new_trans_conn);
>> 	    _XSERVTransClose(new_trans_conn);
>> 	}
>> -
>> -	if(trans_conn->flags & TRANS_NOXAUTH)
>> -	    new_trans_conn->flags = new_trans_conn->flags | TRANS_NOXAUTH;
>> -
>>      }
>> #ifndef WIN32
>>    }
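
Review bot: the AllocNewConnection failure branch ends without anything marking new_trans_conn as unusable from that point on, even though the commit message says it is already freed there, so a later edit could put code after the branch again just as the removed TRANS_NOXAUTH lines were. A short comment at the moved flag copy or at the closing brace of the failure branch, saying that new_trans_conn must not be touched once AllocNewConnection has failed, would guard against the same reordering. Minor style point on the added lines: `if(` lacks the space used in `if (!AllocNewConnection`, and the assignment can be written `new_trans_conn->flags |= TRANS_NOXAUTH;`.
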
>> -- 
>> 1.7.0.4
>> 
> 
