Re: [CVE-2006-0745] X.Org potential privilege elevation and DoS
From: Matthias Kilian (kili outback.escape.de)
Date: Tue Mar 21 2006 - 10:28:52 CST
[Pushed to tech because of the patch below]
On Mon, Mar 20, 2006 at 08:46:23PM +0100, Matthieu Herrb wrote:
> If you're building X from sources, update your sources, and make sure
> that you have at least
> XF4/xc/programs/Xserver/hw/xfree86/common/xf86Init.c revision 1.14.
Interesting error. What about letting lint(1) detect it?
diff -rNu -x CVS ../lint1/tree.c ./tree.c
--- ../lint1/tree.c Tue Mar 21 17:16:56 2006
+++ ./tree.c Tue Mar 21 17:14:42 2006

-3664,6 +3664,12 
if (ln->tn_op != CON && rn->tn_op != CON)
return;
+ if (lt == PTR && isityp(rt) && ln->tn_type->t_subt->t_tspec == FUNC ||
+ rt == PTR && isityp(lt) && rn->tn_type->t_subt->t_tspec == FUNC) {
+ /* comparison of %s with %s, op %s */
+ warning(162, "function", "number", mp->m_name);
+ }
+
if (!isityp(lt) || !isityp(rt))
return;
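Review bot: The added condition looks only at the operand types (pointer to FUNC on one side, integer type on the other) and, sitting after the tn_op != CON early return, fires whenever the other operand is a constant, so as far as these lines show a null check on a function pointer variable such as "fp != 0" would be reported in the same way as "geteuid != 0". Consider also inspecting the pointer operand's tn_op so that only a bare function name triggers warning 162, or skipping the warning when the constant is 0 and the operand is not a function name. Separately, the condition mixes && and || without parentheses; it parses as intended, but wrapping each && group in parentheses would make the grouping explicit. A short comment above the block stating which mistake it targets (a function name compared where a call was meant) would help the next reader.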
Note that it's a quick hack that would need more testing whether it
breaks something or creates additional false positives. It also only
detects expressions like geteuid != 0, i.e. the following
if (!getuid() || !geteuid) ...
is not yet reported.
Ciao,
Kili
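A line-based sketch of the check discussed in the message above, added here as an example; it is not part of the original e-mail and is not lint(1) code. It also covers the negated form the message says is not yet reported. The function-name list, the name find_uncalled and the sample C lines are assumptions constructed for illustration.

```python
import re

# Assumption: the names worth auditing; extend the tuple for your code base.
ID_FUNCS = ("getuid", "geteuid", "getgid", "getegid")

# A listed name NOT followed by "(": the function itself, not a call.
NAME = r"\b(?P<fn>%s)\b(?!\s*\()" % "|".join(ID_FUNCS)
NUM = r"\b\d\w*\b"
PATTERNS = [
    ("comparison", re.compile(NAME + r"\s*[=!]=\s*" + NUM)),
    ("comparison", re.compile(NUM + r"\s*[=!]=\s*" + NAME)),
    ("negation", re.compile(r"!\s*" + NAME)),
]
# Comments and string literals are blanked so they cannot match.
NOISE = re.compile(r'/\*.*?\*/|//.*|"(?:\\.|[^"\\])*"')


def find_uncalled(source):
    """Return sorted (line, function, kind) findings for C source text."""
    findings = set()
    for lineno, line in enumerate(source.splitlines(), 1):
        code = NOISE.sub(" ", line)
        for kind, pattern in PATTERNS:
            for m in pattern.finditer(code):
                findings.add((lineno, m.group("fn"), kind))
    return sorted(findings)


# Constructed sample input, not taken from the X.Org sources.
SAMPLE = """\
if (geteuid != 0) return;            /* the form the patch reports */
if (!getuid() || !geteuid) return;   /* the form it does not report yet */
if (geteuid() != 0) return;          /* correct call */
if (0 == getuid) return;             /* constant on the left */
uid_t (*fp)(void) = geteuid;         /* taking the address is fine */
puts("geteuid != 0");                /* string literal, ignored */
"""

if __name__ == "__main__":
    for lineno, fn, kind in find_uncalled(SAMPLE):
        print("line %d: %s used without a call (%s)" % (lineno, fn, kind))
```

Being line-based, it misses expressions split across lines and multi-line comments; a type-aware check in the compiler or lint remains the reliable place for this warning.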