I tried the patch provided by "Jun Kobayashi (jkbys)" on 2017-07-19:
    x11vnc.debdiff Edit (2.2 KiB, text/plain)

Well... First I changed the debdiff so that it applies over x11vnc-0.9.13-5
(instead of 0.9.13-2). After applying the debdiff, generating the package, and
installing it, I tested.

After 30 min, NO STACK SMASHING. I tried making popup menus like crazy and there
was no failure. I cannot reproduce the failure anymore.

I rolled back to the previous version (only as a sanity check) and after 5 min:
stack smashing detected...

So YES, the patch fixes the problem.
I will continue testing; if there is any problem I will notify you.

PS: Adj. debdiff

Guillermo Reisch


On Tuesday, 24 April 2018 04:56:55 -03, Nikita Youshchenko wrote:
> Hi.
> 
> Thank you for the reminder.
> 
> As far as I understand, this issue is patched in Ubuntu
> (https://bugs.launchpad.net/ubuntu/+source/x11vnc/+bug/1686084).
> 
> Did you try their patch? Does it fix the issue for you?
> 
> I've adopted the x11vnc package recently and I will try to go through the
> list of open issues soon.
> 
> Nikita
> 
> > This problem is still present in version: x11vnc 0.9.13-5 (sid)
> > 
> > Note: Lots of errors in Debian are already fixed by patches in lots of
> > bugs! But lots of packages are "orphaned"... and you can't upload a simple
> > patch without going through a traumatizing "adoption".
> > 
> > PS: Sorry for my bad English. :-P
> > 
> > Guillermo Reisch
> > 
> > UInf - FENF - UdelaR


diff -Nru x11vnc-0.9.13/debian/changelog x11vnc-0.9.13/debian/changelog
--- x11vnc-0.9.13/debian/changelog	2018-04-13 11:09:45.000000000 -0300
+++ x11vnc-0.9.13/debian/changelog	2018-04-28 01:52:36.000000000 -0300
@@ -1,3 +1,11 @@
+x11vnc (0.9.13-5ppa1) unstable; urgency=medium
+
+  * Add patches:
+    - fix_overflow.patch - Two fixes for buffer overflows committed to
+      https://github.com/LibVNC/x11vnc/pull/25
+
+ -- Jun Kobayashi <jk...@ubuntu.com>  Wed, 19 Jul 2017 12:06:45 +0900
+
 x11vnc (0.9.13-5) unstable; urgency=low
 
   * Split build and install into arch and indep parts (Closes: #895591).
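Review bot: The new 0.9.13-5ppa1 entry names no bug report, while the 0.9.13-5 entry directly below it uses "(Closes: #895591)"; add the matching Closes:/LP: reference so the upload is linked to the report it fixes. The trailer also still carries the date Wed, 19 Jul 2017 although the file header shows the changelog was edited on 2018-04-28 and the entry now sits on top of 0.9.13-5, so it should be re-dated, and the "ppa1" suffix is worth reconsidering for an entry targeting unstable.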
diff -Nru x11vnc-0.9.13/debian/patches/fix_overflow.patch x11vnc-0.9.13/debian/patches/fix_overflow.patch
--- x11vnc-0.9.13/debian/patches/fix_overflow.patch	1970-01-01 09:00:00.000000000 +0900
+++ x11vnc-0.9.13/debian/patches/fix_overflow.patch	2017-07-19 12:06:45.000000000 +0900
@@ -0,0 +1,28 @@
+Index: x11vnc-0.9.13/x11vnc/win_utils.c
+===================================================================
+--- x11vnc-0.9.13.orig/x11vnc/win_utils.c
++++ x11vnc-0.9.13/x11vnc/win_utils.c
+@@ -262,8 +262,8 @@ void snapshot_stack_list(int free_only,
+ 	}
+ 
+ 	last_snap = now;
+-	if (num > stack_list_len + blackouts) {
+-		int n = 2*num;
++	if (num + blackouts > stack_list_len) {
++		int n = 2 * (num + blackouts);
+ 		free(stack_list);
+ 		stack_list = (winattr_t *) malloc(n*sizeof(winattr_t));
+ 		stack_list_len = n;
+Index: x11vnc-0.9.13/x11vnc/xrecord.c
+===================================================================
+--- x11vnc-0.9.13.orig/x11vnc/xrecord.c
++++ x11vnc-0.9.13/x11vnc/xrecord.c
+@@ -964,7 +964,7 @@ if (db > 1) fprintf(stderr, "record_CW-%
+ 	data = (char *)req;
+ 	data += sz_xConfigureWindowReq;
+ 
+-	for (i=0; i<req->length; i++) {
++	for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) {
+ 		unsigned int v;
+ 		/*
+ 		 * We use unsigned int for the values.  There were
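Review bot: In the xrecord.c part, the new loop condition "i < req->length - sz_xConfigureWindowReq / 4 && i < 4" hard-codes 4 with no comment or named constant tying it to the size of whatever the loop fills, and the subtraction is unguarded: if req->length is smaller than sz_xConfigureWindowReq / 4, the outcome depends on operand types that are not visible in these lines. Suggest checking req->length against the header size in words before the loop and deriving the cap from the destination's declared size. In the win_utils.c part, the visible lines store the malloc() result in stack_list and update stack_list_len with no NULL check. The patch file also starts directly at "Index:" with no Description/Origin header, even though the changelog names https://github.com/LibVNC/x11vnc/pull/25 as its source.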
diff -Nru x11vnc-0.9.13/debian/patches/series x11vnc-0.9.13/debian/patches/series
--- x11vnc-0.9.13/debian/patches/series	2018-04-13 11:09:45.000000000 -0300
+++ x11vnc-0.9.13/debian/patches/series	2018-04-28 02:02:34.000000000 -0300
@@ -4,3 +4,4 @@
 do-not-run-dbus-launch.patch
 enforce-bash.patch
 java_target_source.patch
+fix_overflow.patch
