[X2Go-Dev] [X2Go-Commits] [nx-libs] 13/52: LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0

Michael DePaulo mikedep333 at gmail.com
Sun Feb 15 21:01:26 CET 2015


On Sun, Feb 15, 2015 at 2:11 PM, Mihai Moldovan <ionic at ionic.de> wrote:
> On 14.02.2015 05:47 PM, git-admin at x2go.org wrote:
>> This is an automated email from the git hooks/post-receive script.
>>
>> x2go pushed a commit to branch 3.6.x
>> in repository nx-libs.
>>
>> commit af55da1e9c1a6a352b24823a8f7062c288ffbbc0
>> Author: Mike DePaulo <mikedep333 at gmail.com>
>> Date:   Sun Feb 8 19:15:20 2015 -0500
>>
>>     LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0
>>
>>         Specially crafted LZW stream can crash an application using libXfont
>>         that is used to open untrusted font files.  With X server, this may
>>         allow privilege escalation when exploited
>> ---
>>  nx-X11/lib/font/fontfile/decompress.c |    2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c
>> index a4c5468..553b315 100644
>> --- a/nx-X11/lib/font/fontfile/decompress.c
>> +++ b/nx-X11/lib/font/fontfile/decompress.c
>> @@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
>>                */
>>       while ( code >= 256 )
>>       {
>> +         if (stackp - de_stack >= STACK_SIZE - 1)
>> +             return BUFFILEEOF;
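Review bot: The new check at the top of the `while ( code >= 256 )` loop has no comment explaining why the limit is `STACK_SIZE - 1` rather than `STACK_SIZE`, and it returns `BUFFILEEOF`, so a caller cannot tell a stream rejected by this check from one that simply ended. A short comment above the `if` would help: it should state that the test bounds writes through `stackp` into `de_stack` when decoding an untrusted LZW stream, and why one slot is held back. It is also worth noting in the commit message that malformed input is reported as end of file.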
> Personally, I would have written that as
> if ((stackp - de_stack) >= (STACK_SIZE - 1))
>
> But that's my personal style and I like to over-parenthesize.
Both the upstream commit and the RHEL5 patch have it written this way,
but I agree that your style is better.

http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0

ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/libXfont-1.2.2-1.0.6.el5_11.src.rpm
(cve-2011-2895.patch)

