[X2Go-Commits] [nx-libs] 13/52: LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0

[git-admin at x2go.org]

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch 3.6.x
in repository nx-libs.

commit af55da1e9c1a6a352b24823a8f7062c288ffbbc0
Author: Mike DePaulo <mikedep333 at gmail.com>
Date:   Sun Feb 8 19:15:20 2015 -0500

    LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0
    
        Specially crafted LZW stream can crash an application using libXfont
        that is used to open untrusted font files.  With X server, this may
        allow privilege escalation when exploited
---
 nx-X11/lib/font/fontfile/decompress.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c
index a4c5468..553b315 100644
--- a/nx-X11/lib/font/fontfile/decompress.c
+++ b/nx-X11/lib/font/fontfile/decompress.c
@@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
      	 */
     	while ( code >= 256 )
     	{
+	    if (stackp - de_stack >= STACK_SIZE - 1)
+		return BUFFILEEOF;
 	    *stackp++ = file->tab_suffix[code];
 	    code = file->tab_prefix[code];
     	}

--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git