XDMCP Request packet with no addresses crashes LightDM
Bug #1516831 reported by Robert Ancell
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Light Display Manager | Fix Released | Critical | Robert Ancell | |
1.14 | Fix Released | Critical | Robert Ancell | |
1.16 | Fix Released | Critical | Robert Ancell | |
lightdm (Ubuntu) | Fix Released | Critical | Robert Ancell | |
Vivid | Fix Released | Critical | Robert Ancell | |
Wily | Fix Released | Critical | Robert Ancell | |
Bug Description
[Impact]
If LightDM receives an XDMCP Request packet with no addresses then it will attempt to access a negative index into an array and crash. This only occurs if the XDMCP server is enabled.
[Test Case]
1. Enable XDMCP in lightdm.conf:
[XDMCPServer]
enabled=true
2. Start LightDM
3. Send an XDMCP Request without an empty addresses field (valid XDMCP servers do not send this).
Expected result:
The request is ignored.
Observed result:
LightDM crashes.
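One way to get the expected result from the test case (the request is ignored) is to validate the address list before anything indexes into it. This is an added example, not LightDM's code: the function, constant and sample names are hypothetical, and the field layout is assumed from the XDMCP protocol specification.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result codes for this example. */
enum { REQ_OK = 0, REQ_TRUNCATED = -1, REQ_NO_ADDRESSES = -2, REQ_COUNT_MISMATCH = -3 };

/* Constructed sample bodies (bytes after the 6-byte XDMCP header), not captured traffic. */
static const uint8_t BODY_OK[] = {0,0, 1, 0,0, 1, 0,4, 192,0,2,10}; /* one type, one address */
static const uint8_t BODY_EMPTY[] = {0,0, 0, 0};                    /* no types, no addresses */

/* Bounds-checked big-endian readers: 0 on success, -1 if the buffer is too short. */
static int rd8(const uint8_t *b, size_t len, size_t *off, uint8_t *v) {
    if (*off >= len) return -1;
    *v = b[(*off)++];
    return 0;
}
static int rd16(const uint8_t *b, size_t len, size_t *off, uint16_t *v) {
    if (len < 2 || *off > len - 2) return -1;
    *v = (uint16_t)((b[*off] << 8) | b[*off + 1]);
    *off += 2;
    return 0;
}

/* Check the address lists at the start of a Request body. Layout assumed from the
 * XDMCP specification: CARD16 display number, ARRAY16 connection types (CARD8 count,
 * CARD16 each), ARRAYofARRAY8 connection addresses (CARD8 count, then CARD16 length
 * plus bytes each). On REQ_OK, *n_addresses is at least 1. */
int check_request_addresses(const uint8_t *body, size_t len, size_t *n_addresses) {
    size_t off = 0;
    uint16_t display, type, alen;
    uint8_t n_types, n_addrs;

    if (rd16(body, len, &off, &display) || rd8(body, len, &off, &n_types)) return REQ_TRUNCATED;
    for (uint8_t i = 0; i < n_types; i++)
        if (rd16(body, len, &off, &type)) return REQ_TRUNCATED;
    if (rd8(body, len, &off, &n_addrs)) return REQ_TRUNCATED;
    for (uint8_t i = 0; i < n_addrs; i++) {
        if (rd16(body, len, &off, &alen) || alen > len - off) return REQ_TRUNCATED;
        off += alen;
    }
    if (n_addrs == 0) return REQ_NO_ADDRESSES;         /* nothing to index: ignore the packet */
    if (n_addrs != n_types) return REQ_COUNT_MISMATCH; /* one type per address expected */
    *n_addresses = n_addrs;
    return REQ_OK;
}

int main(void) {
    size_t n = 0;
    return !(check_request_addresses(BODY_OK, sizeof BODY_OK, &n) == REQ_OK && n == 1 &&
             check_request_addresses(BODY_EMPTY, sizeof BODY_EMPTY, &n) == REQ_NO_ADDRESSES);
}
```

A caller that treats any non-zero result as "drop the packet" never reaches address selection with an empty list.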
CVE References
Changed in lightdm:
status: In Progress → Fix Committed
description: updated
Changed in lightdm:
milestone: none → 1.17.2
no longer affects: lightdm/1.2
Changed in lightdm:
status: Fix Committed → Fix Released
description: updated
no longer affects: lightdm/1.10
Changed in lightdm (Ubuntu):
status: Fix Committed → Fix Released
tags: added: verification-done-vivid verification-done-wily removed: verification-needed
Changed in lightdm (Ubuntu):
assignee: nobody → Robert Ancell (robert-ancell)
Changed in lightdm (Ubuntu Vivid):
assignee: nobody → Robert Ancell (robert-ancell)
Changed in lightdm (Ubuntu Wily):
assignee: nobody → Robert Ancell (robert-ancell)
Caused by the change in bug 1481561