components/x11/xorg-server/patches/CVE-2018-14665.patch

   1 diff --git a/hw/xfree86/common/xf86Init.c b/hw/xfree86/common/xf86Init.c
   2 index 6c25eda739719d11f0e4c2dcf59c2a06d2b9ac97..0f57efa86324bb933fe9e239b46f62d04a739d39 100644
   3 --- a/hw/xfree86/common/xf86Init.c
   4 +++ b/hw/xfree86/common/xf86Init.c
   5 @@ -935,14 +935,18 @@ ddxProcessArgument(int argc, char **argv, int i)
   6      /* First the options that are not allowed with elevated privileges */
   7      if (!strcmp(argv[i], "-modulepath")) {
   8          CHECK_FOR_REQUIRED_ARGUMENT();
   9 -        xf86CheckPrivs(argv[i], argv[i + 1]);
  10 +        if (xf86PrivsElevated())
  11 +              FatalError("\nInvalid argument -modulepath "
  12 +                "with elevated privileges\n");
  13          xf86ModulePath = argv[i + 1];
  14          xf86ModPathFrom = X_CMDLINE;
  15          return 2;
  16      }
  17      if (!strcmp(argv[i], "-logfile")) {
  18          CHECK_FOR_REQUIRED_ARGUMENT();
  19 -        xf86CheckPrivs(argv[i], argv[i + 1]);
  20 +        if (xf86PrivsElevated())
  21 +              FatalError("\nInvalid argument -logfile "
  22 +                "with elevated privileges\n");
  23          xf86LogFile = argv[i + 1];
  24          xf86LogFileFrom = X_CMDLINE;
  25          return 2;
  26 diff --git a/os/log.c b/os/log.c
  27 index a3b28ccb42cd23dadfc427ff91b518e24ad488b5..803639ef0685b446827b56aee55a1e314d787403 100644
  28 --- a/os/log.c
  29 +++ b/os/log.c
  30 @@ -194,6 +194,8 @@ LogFilePrep(const char *fname, const char *backup, const char *idstring)
  31  {
  32      char *logFileName = NULL;
  33
  34 +    /* the format string below is controlled by the user,
  35 +       this code should never be called with elevated privileges */
  36      if (asprintf(&logFileName, fname, idstring) == -1)
  37          FatalError("Cannot allocate space for the log file name\n");
  38