[X2Go-Dev] [X2Go-Commits] [nx-libs] 19/52: CVE-2014-0210: unvalidated length in _fs_recv_conn_setup() from xorg/lib/libXfont commit 891e084b26837162b12f841060086a105edde86d

Michael DePaulo mikedep333 at gmail.com
Mon Feb 16 13:10:34 CET 2015


On Mon, Feb 16, 2015 at 12:23 AM, Mihai Moldovan <ionic at ionic.de> wrote:
> On 15.02.2015 09:10 PM, Michael DePaulo wrote:
>> I am actually not sure, I need to learn memory management better.
>>
>> The upstream commit uses and free(alts), and malloc is used before it:
>> http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=891e084b26837162b12f841060086a105edde86d
>> And that is what I based my commit/patch on.
>>
>> However, the RHEL5 patch also uses free(alts), and xalloc is used before it:
>> ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/libXfont-1.2.2-1.0.6.el5_11.src.rpm
>> (0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch)
>> The patch doesn't specify who resolved the RHEL5 conflict, but it was
>> probably Adam Jackson (ajax).
>
> It really doesn't matter, but I'd like to keep consistency. xfree() is a
> macro for Xfree() which is a macro for free().
>
> http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=31322c2bd9be76493a5a04a23ea68e063fe3b7e6;hp=c0d0e373d4c42c7813b1955fc18f5c9f63c725e0

Thanks!

