Package: xautolock
Version: 1:2.1-7
Severity: grave
Justification: user security hole
Tags: security

xautolock uses an already freed memory address for starting the locker.
valgrind says:

==6017== Syscall param execve(argv[i]) points to unaddressable byte(s)
==6017==    at 0x55E43A7: execve (in /lib/libc-2.7.so)
==6017==    by 0x55E479A: execl (in /lib/libc-2.7.so)
==6017==    by 0x404026: (within /usr/bin/xautolock)
==6017==    by 0x40427B: (within /usr/bin/xautolock)
==6017==    by 0x55641A5: (below main) (in /lib/libc-2.7.so)
==6017==  Address 0x62ddcf0 is 16 bytes inside a block of size 65 free'd
==6017==    at 0x4C2130F: free (vg_replace_malloc.c:323)
==6017==    by 0x52852AA: (within /usr/lib/libX11.so.6.2.0)
==6017==    by 0x5285314: (within /usr/lib/libX11.so.6.2.0)
==6017==    by 0x52853B2: XrmDestroyDatabase (in /usr/lib/libX11.so.6.2.0)
==6017==    by 0x40334C: (within /usr/bin/xautolock)
==6017==    by 0x4040DE: (within /usr/bin/xautolock)
==6017==    by 0x55641A5: (below main) (in /lib/libc-2.7.so)

I noticed this because whenever I let xautolock start from my .xsessionrc
it would fail to start my screen locker. Instead of this:

  swarp 840 525 ; xset dpms force off ; slock

it started something like this, according to strace (the corruption didn't
always look the same):

  swarp 840 525 ; xset dpms force off ; slo\377\377\300

Because xset turned off the screen, I didn't notice that slock wasn't
started and thus my screen wasn't locked, which is why I think this is a
security issue. Feel free to correct me. ;)

Greetings
Uli Schlachter

-- System Information:
Debian Release: 5.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27.7wlan.2.0 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xautolock depends on:
ii  libc6     2.7-18     GNU C Library: Shared libraries
ii  libx11-6  2:1.1.5-2  X11 client-side library
ii  libxext6  2:1.0.4-1  X11 miscellaneous extension librar
ii  libxss1   1:1.1.3-1  X11 Screen Saver extension library

Versions of packages xautolock recommends:
pn  xlockmore | xtrlock | xscreen  <none>  (no description available)

xautolock suggests no packages.

-- no debconf information

-- 
"Do you know that books smell like nutmeg or some spice from a foreign land?"
  -- Faber in Fahrenheit 451
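
The valgrind trace in the report shows the string handed to execl() sitting in a block that XrmDestroyDatabase() had already freed. The following C program is an added example, not xautolock's code and not part of the original report: it models that ownership pattern with a constructed stand-in database and shows the command being copied before the database is destroyed. The names `res_db`, `db_open`, `db_get_locker`, `db_destroy` and `load_locker_cmd` are hypothetical, and the assumption is that the locker string was borrowed from the resource database rather than copied.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an Xrm-style database: it owns its value strings. */
typedef struct { char *locker; } res_db;

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

static res_db *db_open(const char *locker) {
    res_db *db = malloc(sizeof *db);
    if (!db) return NULL;
    db->locker = dup_str(locker);
    if (!db->locker) { free(db); return NULL; }
    return db;
}

/* Like XrmGetResource(): returns a pointer INTO the database, not a copy. */
static const char *db_get_locker(const res_db *db) { return db->locker; }

/* Like XrmDestroyDatabase(): frees the storage db_get_locker() pointed at. */
static void db_destroy(res_db *db) { free(db->locker); free(db); }

/* Buggy pattern (comment only, never executed here):
 *     const char *cmd = db_get_locker(db);
 *     db_destroy(db);              -- cmd now dangles
 *     execl(..., cmd, ...);        -- reads freed memory, as valgrind reported
 */

/* Hardened pattern: copy the borrowed string while the database is alive.
 * Returns a heap string the caller must free(), or NULL so the caller can
 * refuse to continue instead of running a missing or empty locker command. */
char *load_locker_cmd(const char *configured) {
    res_db *db = db_open(configured);
    if (!db) return NULL;
    char *owned = dup_str(db_get_locker(db));
    db_destroy(db);
    if (owned && owned[0] == '\0') { free(owned); owned = NULL; }
    return owned;
}

int main(void) {
    char *cmd = load_locker_cmd("swarp 840 525 ; xset dpms force off ; slock");
    if (!cmd) { fputs("no usable locker command, refusing to start\n", stderr); return 1; }
    printf("locker command survives db_destroy(): %s\n", cmd);
    free(cmd);
    return 0;
}
```

Building with `-fsanitize=address` or running under valgrind, as in the report, confirms that the copied string is still addressable after the database is gone.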