[X2Go-Commits] [nx-libs] 05/06: Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185).

git-admin at x2go.org
Wed Mar 7 21:58:05 CET 2018


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch 3.6.x
in repository nx-libs.

commit 7017c22c2b5dcacc8e337029f7ed82f4bcafb819
Author: Nathan Kidd <nkidd at opentext.com>
Date:   Mon Mar 5 11:01:49 2018 +0100

    Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185).
    
     commit cad5a1050b7184d828aef9c1dd151c3ab649d37e
     Author: Nathan Kidd <nkidd at opentext.com>
     Date:   Fri Jan 9 09:57:23 2015 -0500
    
        Unvalidated lengths
    
        v2: Add overflow check and remove unnecessary check (Julien Cristau)
    
        This addresses:
        CVE-2017-12184 in XINERAMA
        CVE-2017-12185 in MIT-SCREEN-SAVER
        CVE-2017-12186 in X-Resource
        CVE-2017-12187 in RENDER
    
        Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu at apple.com>
        Reviewed-by: Julien Cristau <jcristau at debian.org>
        Signed-off-by: Nathan Kidd <nkidd at opentext.com>
        Signed-off-by: Julien Cristau <jcristau at debian.org>
    
     Backported-to-NX-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
---
 nx-X11/programs/Xserver/Xext/saver.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nx-X11/programs/Xserver/Xext/saver.c b/nx-X11/programs/Xserver/Xext/saver.c
index 0b79a00..89eebd7 100644
--- a/nx-X11/programs/Xserver/Xext/saver.c
+++ b/nx-X11/programs/Xserver/Xext/saver.c
@@ -1342,6 +1342,8 @@ ProcScreenSaverUnsetAttributes (ClientPtr client)
        PanoramiXRes *draw;
        int i;
 
+       REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq);
+
        if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass(
                    client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess)))
            return BadDrawable;
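
Review bot: In ProcScreenSaverUnsetAttributes the length check sits directly ahead of the first read of stuff->drawable in the SecurityLookupIDByClass call, which is the right place, but nothing in the code records why it must stay there. A one-line comment above REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq) stating that no request field may be read before the length is validated would protect against a later reordering. The hunk begins after the function's opening lines, so confirm that the declaration of stuff precedes the new check and that no statement above the visible context touches a request field. The commit message lists four CVEs while the diffstat shows only saver.c changed (2 insertions); the subject line already narrows this to CVE-2017-12185, and the Backported-to-NX-by trailer could say explicitly that only the MIT-SCREEN-SAVER part is applied in this commit. A regression test that sends this request with a mismatched length and expects BadLength would be a useful companion.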

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/nx-libs.git

