[X2Go-Commits] [nx-libs] 42/52: randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]

git-admin at x2go.org git-admin at x2go.org
Sat Feb 14 17:47:16 CET 2015


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch 3.6.x
in repository nx-libs.

commit cea44678dd6a9418460ead314fb2106924b081f7
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date:   Sun Jan 26 19:38:09 2014 -0800

    randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]
    
    v2: backport to nx-libs 3.6.x (Mike DePaulo)
    
    Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
    Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
---
 nx-X11/programs/Xserver/randr/rrsdispatch.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/nx-X11/programs/Xserver/randr/rrsdispatch.c b/nx-X11/programs/Xserver/randr/rrsdispatch.c
index 80d16b7..c4425ec 100644
--- a/nx-X11/programs/Xserver/randr/rrsdispatch.c
+++ b/nx-X11/programs/Xserver/randr/rrsdispatch.c
@@ -28,6 +28,7 @@ SProcRRQueryVersion (ClientPtr client)
     register int n;
     REQUEST(xRRQueryVersionReq);
 
+	REQUEST_SIZE_MATCH(xRRQueryVersionReq);
     swaps(&stuff->length, n);
     swapl(&stuff->majorVersion, n);
     swapl(&stuff->minorVersion, n);
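Review bot: The added `REQUEST_SIZE_MATCH(xRRQueryVersionReq);` line is indented with a tab while the surrounding lines of this function use four spaces. The added lines in the SProcRRGetScreenInfo and SProcRRSelectInput hunks have the same problem, so all three should be re-indented to match. It would also help to record why the check has to come first, for example `/* Reject wrong-sized requests before byte-swapping: swaps/swapl modify fields at fixed offsets in the request buffer. */` above the macro. The macro presumably compares against the already host-order `client->req_len`, which would make it safe to run before `swaps(&stuff->length, n)`; confirm that against the macro definition in this tree. SProcRRQueryVersion's body continues outside the hunk.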
@@ -40,6 +41,7 @@ SProcRRGetScreenInfo (ClientPtr client)
     register int n;
     REQUEST(xRRGetScreenInfoReq);
 
+	REQUEST_SIZE_MATCH(xRRGetScreenInfoReq);
     swaps(&stuff->length, n);
     swapl(&stuff->window, n);
     return (*ProcRandrVector[stuff->randrReqType]) (client);
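Review bot: The patch leaves new-side lines 48–76, between this hunk and the SProcRRSelectInput hunk, untouched, so any swapped handler in that range is not visibly covered by the fix. The commit subject is about swapped procs in general, so check that each handler there already validates the request length (`REQUEST_SIZE_MATCH` or `REQUEST_AT_LEAST_SIZE`) before its first `swaps`/`swapl`. If one already does, a sentence in the backport description naming it would make the coverage auditable from the commit alone. A regression test that sends a truncated byte-swapped request for each RandR opcode and expects `BadLength` would catch any handler that was missed.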
@@ -75,6 +77,7 @@ SProcRRSelectInput (ClientPtr client)
     register int n;
     REQUEST(xRRSelectInputReq);
 
+	REQUEST_SIZE_MATCH(xRRSelectInputReq);
     swaps(&stuff->length, n);
     swapl(&stuff->window, n);
     swaps(&stuff->enable, n);

--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git

