Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

rhel 6
access weakness #16

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

Mesa-6.5.1/src/mesa/drivers/dri/r300/r300_fragprog.c

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 access weakness.

 		cs->used_in_node |= (1 << hwsrc);

	rp->node[rp->cur_node].tex_end++;

	/* Copy from temp to output if needed */
	if (rdest.valid) {
		emit_arith(rp, PFS_OP_MAD, rdest, WRITEMASK_XYZW, dest,
			   pfs_one, pfs_zero, 0);
		free_temp(rp, dest);
	}
}

/* Add sources to FPI1/FPI3 lists.  If source is already on list,
 * reuse the index instead of wasting a source.
 */
static int add_src(struct r300_fragment_program *rp, int reg, int pos,
		   int srcmask)
{
	COMPILE_STATE;
	int csm, i;
	
	/* Look for matches */
	for (i=0,csm=srcmask; i<3; i++,csm=csm<<1) {	
		/* If sources have been allocated in this position(s)... */
		if ((cs->slot[pos].umask & csm) == csm) {
			/* ... and the register number(s) match, re-use the
			   source */
			if (srcmask == SLOT_VECTOR &&
			    cs->slot[pos].vsrc[i] == reg)
				return i;
			if (srcmask == SLOT_SCALAR &&
			    cs->slot[pos].ssrc[i] == reg)
				return i;
			if (srcmask == SLOT_BOTH &&
			    cs->slot[pos].vsrc[i] == reg &&
			    cs->slot[pos].ssrc[i] == reg)
				return i;
		}
	}

	/* Look for free spaces */
	for (i=0,csm=srcmask; i<3; i++,csm=csm<<1) {
		/* If the position(s) haven't been allocated */
		if ((cs->slot[pos].umask & csm) == 0) {
			cs->slot[pos].umask |= csm;

			if (srcmask & SLOT_VECTOR)
				cs->slot[pos].vsrc[i] = reg;
			if (srcmask & SLOT_SCALAR)
				cs->slot[pos].ssrc[i] = reg; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.