Your message dated Thu, 20 Aug 2009 06:17:27 +0000
with message-id <e1me0xj-0006zf...@ries.debian.org>
and subject line Bug#539699: fixed in xscreensaver 5.07-1+nmu1
has caused the Debian Bug report #539699,
regarding xscreensaver: unlocked because killed, infinite loop with small screen
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
539699: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539699
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: xscreensaver
Version: 5.05-3
Severity: grave
Tags: security patch
Justification: user security hole
Reproduce by setting a narrow X resolution (in this case I was running
Xnest at 410x384), then type something to get the password dialog, but it
never comes up. xscreensaver goes into an infinite loop eating
memory, and the one time I let it run, the Linux kernel out of memory
detector killed xscreensaver, unlocking the X server. That's why I
marked this with the security tags.
Do any hardware and X software automatically pick up and use newly
plugged in displays? If so, it might be exploited by plugging in a
custom display device with a small screen, using this exploit to
kill the screen saver and get access to the system, then restarting
xscreensaver to make detection more difficult.
The problem is that when mlstring_wrap detects a space, it will copy the
whitespace onto a new line and then truncate the original string for
the current line. If in the next iteration the line is still too
long, and the current whitespace character is the first one
encountered, it is in an infinite loop finding the same whitespace
character.
In my case line_length is 5, and the string is
"Please enter your password."
This patch will leave the whitespace in the previous line so it can't
be found in the next iteration. It will also make the previous line too
wide, but only the whitespace would be over the border.
On a side note, it might be a good idea to always put the logo on the
right side, or put it on the right side when the width is too small.
With the patch at 410 pixels wide the logo takes up almost all of the
screen and the text is just visible at the right side.
diff --git a/driver/mlstring.c b/driver/mlstring.c
index d6df844..a850890 100644
--- a/driver/mlstring.c
+++ b/driver/mlstring.c
@@ -153,6 +153,8 @@ mlstring_wrap(mlstring *mstring, XFontStruct *font,
Dimension width)
if (wrap_at == -1) /* No space found, hard wrap */
wrap_at = line_length;
+ else
+ wrap_at++; /* Leave the space at the end of the line. */
newml = calloc(1, sizeof(*newml));
if (!newml) /* OOM, don't bother trying to wrap */
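Review bot: the new else branch makes the space case advance, but nothing visible in this hunk guarantees forward progress for the hard-wrap branch above it. `wrap_at = line_length` splits at offset 0 if line_length can ever be 0 (the hunk does not show how it is computed), and that would leave the new line identical to the old one and repeat the same allocation loop. Consider checking that wrap_at is at least 1 before the calloc and stopping the wrap otherwise. The comment on `wrap_at++` could also say that the current line may now hold line_length + 1 characters, so a reader does not mistake the extra width for an off-by-one.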
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i586)
Kernel: Linux 2.6.29-rc3
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages xscreensaver depends on:
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcairo2 1.6.4-7 The Cairo 2D vector graphics libra
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.6-2 The GLib library of C routines
ii libgtk2.0-0 2.12.12-1~lenny1 The GTK+ graphical user interface
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l
ii libpango1.0-0 1.20.5-5 Layout and rendering of internatio
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library
ii libxml2 2.6.32.dfsg-5 GNOME XML library
ii libxmu6 2:1.0.4-1 X11 miscellaneous utility library
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii libxrandr2 2:1.2.3-1 X11 RandR extension library
ii libxrender1 1:0.9.4-2 X Rendering Extension client libra
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
ii libxxf86misc1 1:1.0.1-3 X11 XFree86 miscellaneous extensio
ii libxxf86vm1 1:1.0.2-1 X11 XFree86 video mode extension l
ii xscreensaver-data 5.05-3 data files to be shared among scre
Versions of packages xscreensaver recommends:
ii libjpeg-progs 6b-14 Programs for manipulating JPEG fil
ii perl [perl5] 5.10.0-19 Larry Wall's Practical Extraction
ii wamerican [wordlist] 6-2.3 American English dictionary words
pn xli | xloadimage <none> (no description available)
Versions of packages xscreensaver suggests:
ii fortune-mod [fortune] 1:1.99.1-3.1 provides fortune cookies on demand
ii iceape-browser [www-bro 1.1.14-1 Iceape Navigator (Internet browser
ii iceweasel [www-browser] 3.0.6-1 lightweight web browser based on M
ii konqueror [www-browser] 4:3.5.9.dfsg.1-6 KDE's advanced file manager, web b
ii lynx-cur [www-browser] 2.8.7dev9-2.1 Text-mode WWW Browser with NLS sup
ii streamer 3.95.dfsg.1-8 television capture tool (images/mo
pn xdaliclock <none> (no description available)
pn xfishtank <none> (no description available)
pn xscreensaver-gl <none> (no description available)
-- no debconf information
--- End Message ---
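An added example, not part of the original report and not xscreensaver source: a C model of the wrap loop the report describes, run on its string with a line_length of 5, with and without the `wrap_at++` change. The function `wrap_lines`, its `patched` and `max_lines` parameters, and the fixed-width assumption (a line is too wide when it has more than line_length characters) are assumptions made here.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Model of the wrap loop described in the report (assumption: fixed-width
 * characters, so "too wide" means strlen > line_length).
 * Returns the number of lines produced, or -1 if the loop is still
 * splitting after max_lines lines, i.e. it stopped making progress. */
int wrap_lines(const char *text, int line_length, int patched, int max_lines)
{
    const char *rest = text;   /* the line currently being examined */
    int lines = 1;

    if (line_length < 1)
        return -1;             /* no split point can make progress */

    while ((int)strlen(rest) > line_length) {
        int wrap_at;

        /* Look backwards from the limit for whitespace to wrap at. */
        for (wrap_at = line_length;
             wrap_at >= 0 && !isspace((unsigned char)rest[wrap_at]);
             --wrap_at)
            ;
        if (wrap_at == -1)
            wrap_at = line_length;      /* no space found, hard wrap */
        else if (patched)
            wrap_at++;                  /* keep the space on this line */

        /* Unpatched, a leading space gives wrap_at == 0: the new line is
         * identical to the old one, and the real loop would allocate
         * another node on every pass. */
        rest += wrap_at;
        if (++lines > max_lines)
            return -1;
    }
    return lines;
}

int main(void)
{
    const char *msg = "Please enter your password.";  /* string from the report */

    printf("unpatched: %d\n", wrap_lines(msg, 5, 0, 64));
    printf("patched:   %d\n", wrap_lines(msg, 5, 1, 64));
    return 0;
}
```

The cap stands in for the out-of-memory kill in the report: the unpatched run never gets past the remainder " enter your password.", while the patched run ends with the lines "Pleas", "e ", "enter ", "your ", "passw", "ord.".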
--- Begin Message ---
Source: xscreensaver
Source-Version: 5.07-1+nmu1
We believe that the bug you reported is fixed in the latest version of
xscreensaver, which is due to be installed in the Debian FTP archive:
xscreensaver-data-extra_5.07-1+nmu1_i386.deb
to pool/main/x/xscreensaver/xscreensaver-data-extra_5.07-1+nmu1_i386.deb
xscreensaver-data_5.07-1+nmu1_i386.deb
to pool/main/x/xscreensaver/xscreensaver-data_5.07-1+nmu1_i386.deb
xscreensaver-gl-extra_5.07-1+nmu1_i386.deb
to pool/main/x/xscreensaver/xscreensaver-gl-extra_5.07-1+nmu1_i386.deb
xscreensaver-gl_5.07-1+nmu1_i386.deb
to pool/main/x/xscreensaver/xscreensaver-gl_5.07-1+nmu1_i386.deb
xscreensaver_5.07-1+nmu1.diff.gz
to pool/main/x/xscreensaver/xscreensaver_5.07-1+nmu1.diff.gz
xscreensaver_5.07-1+nmu1.dsc
to pool/main/x/xscreensaver/xscreensaver_5.07-1+nmu1.dsc
xscreensaver_5.07-1+nmu1_i386.deb
to pool/main/x/xscreensaver/xscreensaver_5.07-1+nmu1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 539...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <michael.s.gilb...@gmail.com> (supplier of updated xscreensaver
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Mon, 17 Aug 2009 00:43:39 -0400
Source: xscreensaver
Binary: xscreensaver xscreensaver-data xscreensaver-data-extra xscreensaver-gl
xscreensaver-gl-extra
Architecture: source i386
Version: 5.07-1+nmu1
Distribution: experimental
Urgency: high
Maintainer: Jose Luis Rivas <ghostba...@gmail.com>
Changed-By: Michael Gilbert <michael.s.gilb...@gmail.com>
Description:
xscreensaver - Automatic screensaver for X
xscreensaver-data - data files to be shared among screensaver frontends
xscreensaver-data-extra - data files to be shared among screensaver frontends
xscreensaver-gl - GL(Mesa) screen hacks for xscreensaver
xscreensaver-gl-extra - GL(Mesa) screen hacks for xscreensaver
Closes: 539699
Changes:
xscreensaver (5.07-1+nmu1) experimental; urgency=high
.
* Non-maintainer upload by the security team.
* Fix local screen lock bypass vulnerability (closes: #539699).
--- End Message ---