Diffstat (limited to 'gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch')
-rw-r--r--gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch61
1 files changed, 61 insertions, 0 deletions
diff --git a/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch b/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch
new file mode 100644
index 000000000000..47366ed686cb
--- /dev/null
+++ b/gnome-base/gdm/files/3.24.3-display-object-lifetime-fix.patch
@@ -0,0 +1,61 @@
+From 765b306c364885dd89d47fe9fe8618ce6a467bc1 Mon Sep 17 00:00:00 2001
+From: Ray Strode <rstrode@redhat.com>
+Date: Thu, 19 Jul 2018 16:01:23 -0400
+Subject: [PATCH] display: tie skeleton handlers to object lifetime
+
+Right now we assume a display skeleton object won't
+outlive its associated display object.
+
+In theory that should be true, but if we accidentally
+leak the skeleton it could erroneously happen.
+
+If that does happen then we'll end accessing free'd
+memory, so the leak will turn into a crasher.
+
+This commit addresses this problem by ensuring
+the skeleton signal handlers are disconnected when the
+associated display object goes away.
+
+CVE-2018-14424
+---
+ daemon/gdm-display.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c
+index 1b58781d..5e193f2f 100644
+--- a/daemon/gdm-display.c
++++ b/daemon/gdm-display.c
+@@ -1109,18 +1109,18 @@ register_display (GdmDisplay *self)
+ self->priv->object_skeleton = g_dbus_object_skeleton_new (self->priv->id);
+ self->priv->display_skeleton = GDM_DBUS_DISPLAY (gdm_dbus_display_skeleton_new ());
+
+- g_signal_connect (self->priv->display_skeleton, "handle-get-id",
+- G_CALLBACK (handle_get_id), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-get-remote-hostname",
+- G_CALLBACK (handle_get_remote_hostname), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-get-seat-id",
+- G_CALLBACK (handle_get_seat_id), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-get-x11-display-name",
+- G_CALLBACK (handle_get_x11_display_name), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-is-local",
+- G_CALLBACK (handle_is_local), self);
+- g_signal_connect (self->priv->display_skeleton, "handle-is-initial",
+- G_CALLBACK (handle_is_initial), self);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-get-id",
++ G_CALLBACK (handle_get_id), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-get-remote-hostname",
++ G_CALLBACK (handle_get_remote_hostname), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-get-seat-id",
++ G_CALLBACK (handle_get_seat_id), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-get-x11-display-name",
++ G_CALLBACK (handle_get_x11_display_name), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-is-local",
++ G_CALLBACK (handle_is_local), self, 0);
++ g_signal_connect_object (self->priv->display_skeleton, "handle-is-initial",
++ G_CALLBACK (handle_is_initial), self, 0);
+
+ g_dbus_object_skeleton_add_interface (self->priv->object_skeleton,
+ G_DBUS_INTERFACE_SKELETON (self->priv->display_skeleton));
+--
+2.17.1
+
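Review bot: Only the patch file is added here (the diffstat shows 1 file changed), so nothing visible in this commit applies it; unless an ebuild already lists it, the CVE-2018-14424 fix will not be in the built package. An ebuild for this version would need something like `PATCHES+=( "${FILESDIR}"/3.24.3-display-object-lifetime-fix.patch )`, presumably with a revision bump so installed systems rebuild with the fix. The embedded change in register_display only makes the six skeleton handlers disconnect when the display object goes away; by its own description the skeleton leak itself is not addressed, so this is best read as hardening against the use-after-free rather than removal of the leak. register_display's body starts and ends outside the inner hunk, so the rest of the skeleton's lifetime handling cannot be checked from here.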