Xext/shm: Validate shmseg resource id (CVE-2017-13721)
Otherwise it can belong to a non-existing client and abort X server with FatalError "client not in use", or overwrite existing segment of another existing client. Signed-off-by: Julien Cristau <jcristau@debian.org>
This commit is contained in:
parent
db465bae53
commit
b95f25af14
|
@ -1238,6 +1238,7 @@ ProcShmCreateSegment(ClientPtr client)
|
|||
};
|
||||
|
||||
REQUEST_SIZE_MATCH(xShmCreateSegmentReq);
|
||||
LEGAL_NEW_RESOURCE(stuff->shmseg, client);
|
||||
if ((stuff->readOnly != xTrue) && (stuff->readOnly != xFalse)) {
|
||||
client->errorValue = stuff->readOnly;
|
||||
return BadValue;
|
||||
|
|
Loading…
Reference in New Issue
Block a user