rpms/gdm/F-11 xdmcp-use-after-free.patch, NONE, 1.1 gdm.spec, 1.467, 1.468

Matthias Clasen mclasen at fedoraproject.org
Wed Apr 29 00:20:50 UTC 2009 

Author: mclasen

Update of /cvs/pkgs/rpms/gdm/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26169

Modified Files:
	gdm.spec 
Added Files:
	xdmcp-use-after-free.patch 
Log Message:
fix a use-after-free in xdmcp code


xdmcp-use-after-free.patch:

--- NEW FILE xdmcp-use-after-free.patch ---
--- gdm-2.26.1/daemon/gdm-xdmcp-display-factory.c.orig	2009-03-16 20:12:08.000000000 +0000
+++ gdm-2.26.1/daemon/gdm-xdmcp-display-factory.c	2009-04-23 11:49:50.000000000 +0100
@@ -2309,8 +2309,6 @@
                                 authorization_data.data     = (CARD8 *) cookie->data;
                                 authorization_data.length   = cookie->len;
 
-                                g_array_free (cookie, TRUE);
-
                                 /* the addrs are NOT copied */
                                 gdm_xdmcp_send_accept (factory,
                                                        address,
@@ -2319,6 +2317,8 @@
                                                        &authentication_data,
                                                        &authorization_name,
                                                        &authorization_data);
+
+                                g_array_free (cookie, TRUE);
                         }
                 }
         } else {


Index: gdm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gdm/F-11/gdm.spec,v
retrieving revision 1.467
retrieving revision 1.468
diff -u -p -r1.467 -r1.468
--- gdm.spec	28 Apr 2009 17:38:44 -0000	1.467
+++ gdm.spec	29 Apr 2009 00:20:19 -0000	1.468
@@ -16,7 +16,7 @@
 Summary: The GNOME Display Manager
 Name: gdm
 Version: 2.26.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: User Interface/X
@@ -101,6 +101,9 @@ Patch19: gdm-2.26.1-multistack.patch
 # http://bugzilla.gnome.org/show_bug.cgi?id=580189
 Patch20: session-client.patch
 
+# fixed upstream
+Patch21: xdmcp-use-after-free.patch
+
 # Fedora-specific
 Patch99: gdm-2.23.1-fedora-logo.patch
 
@@ -145,6 +148,8 @@ The GDM fingerprint plugin provides func
 
 %patch20 -p1 -b .session-client
 
+%patch21 -p1 -b .xdmcp-use-after-free
+
 %patch99 -p1 -b .fedora-logo
 
 autoreconf -i -f
@@ -385,6 +390,9 @@ fi
 %{_libdir}/gdm/simple-greeter/plugins/fingerprint.so
 
 %changelog
+* Tue Apr 28 2009 Matthias Clasen <mclasen at redhat.com> - 1:2.26.1-6
+- fix a use-after-free in XDMCP code paths (#496882)
+
 * Tue Apr 28 2009 Ray Strode <rstrode at redhat.com> - 1:2.26.1-5
 - fix crash at shutdown

More information about the scm-commits mailing list