
Re: [linux-security] libX11



Alex Belits wrote:
> 
> On Mon, 24 Feb 1997, David Sacerdote wrote:
> 
> > One of the many examples of flawed code in X11R6.1, in this case from
> > GetDflt.c reads:
> > 
> > if (ptr = getenv("HOME"))
> >         (void) strcpy(dest, ptr);
> > 
> > While the corrected code for this particular example in X11R6.3 reads:
> > 
> > if (ptr = getenv("HOME")) {
> >         (void) strncpy(dest, ptr, len);
> >         dest[len-1] = '\0';
> > 
> > Note that this code correctly adds a null character at the end of the
> > string after the strncpy.
> 
>   After a quick look at XFree86 3.2 source (what most of recent Linux and
> not only Linux distributions are based on), it seems that those changes
> are already in even though XFree86 3.2 is based on X11R6.1, not on
> more or less recently released X11R6.3 ("Broadway"). Can anyone tell what
> is the relation between XFree86 3.2, X11R6.1 and X11R6.3 sources of libX11
> and libXt? Was XFree86 3.2 based on X11R6.1 with fixes, and then those
> fixes were incorporated in X11R6.3 or XFree86 3.2 was based on code, fixed
> in the process of making X11R6.3? And in any case are there any security
> bugs, fixed in X11R6.3 and not fixed in XFree86 3.2? Or the opposite? I
> probably could find that by thoroughly examining the code, but I believe
> that this information is important not only for me. A lot of x86-based
> systems users mostly use XFree86 distribution instead of "original" X11
> distribution that generally incorporates a lot of already released XFree86
> code, and games around X code and trademark, played by certain
> commercial/standardizing organization could make things worse.

I'll speak as an XFree86 beta test member.

The patches that the X consortium was putting into R6.3 were indeed
sent on to XFree86, and incorporated. The XFree86 team is not aware of
any fixes that were "left out" or anything like that.

The Core team did a good job in finding a set of buffer overruns,
which were sent on to the XFree86 team. Members of the XFree86 team
have also contributed to fixes that have found their way back to the
core maintainers. Both teams attempt to incorporate all security 
fixes, but errors are made. If anyone finds a problem, please
report it to the appropriate development team.

				Roger Wolff.
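
The strncpy-plus-terminator pattern quoted in this thread, as an added example that is not part of the original messages or of libX11. The helper names `bounded_copy` and `strncpy_leaves_unterminated` and the buffer sizes are assumptions made for illustration; the example also covers the `len == 0` case, where `dest[len-1]` would itself be out of bounds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from libX11): copy src into dest[len] the way the
 * quoted X11R6.3 fix does, and report whether the value was truncated.
 * Returns 0 on a full copy, 1 on truncation, -1 if nothing usable was copied. */
int bounded_copy(char *dest, size_t len, const char *src)
{
    if (dest == NULL || len == 0)
        return -1;              /* dest[len-1] would be out of bounds */
    if (src == NULL) {
        dest[0] = '\0';         /* unset variable: leave an empty string */
        return -1;
    }
    strncpy(dest, src, len);    /* writes at most len bytes, may omit the NUL */
    dest[len - 1] = '\0';       /* the explicit terminator from the fix */
    return strlen(src) >= len ? 1 : 0;
}

/* Shows why the terminator line matters: returns 1 if strncpy alone left
 * no NUL anywhere in the first len bytes of the buffer. */
int strncpy_leaves_unterminated(const char *src, size_t len)
{
    char buf[64];
    if (src == NULL || len == 0 || len > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);   /* make stale buffer contents visible */
    strncpy(buf, src, len);
    return memchr(buf, '\0', len) == NULL;
}

int main(void)
{
    char dest[16];
    /* HOME is set by the caller's environment, so its length is untrusted. */
    int rc = bounded_copy(dest, sizeof dest, getenv("HOME"));
    printf("rc=%d dest=\"%s\"\n", rc, dest);

    /* Constructed sample value, longer than the 16-byte window. */
    const char *sample = "/home/aaaaaaaaaaaaaaaaaaaa";
    printf("strncpy alone unterminated: %d\n",
           strncpy_leaves_unterminated(sample, 16));
    return 0;
}
```

A return value of 1 means the path was silently shortened, which a caller building file names from it should treat as an error rather than use the truncated value.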

