[X2Go-Commits] [nx-libs] 42/52: randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]
git-admin at x2go.org
git-admin at x2go.org
Sat Feb 14 17:47:16 CET 2015
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch 3.6.x
in repository nx-libs.
commit cea44678dd6a9418460ead314fb2106924b081f7
Author: Alan Coopersmith <alan.coopersmith at oracle.com>
Date: Sun Jan 26 19:38:09 2014 -0800
randr: unvalidated lengths in RandR extension swapped procs [CVE-2014-8101]
v2: backport to nx-libs 3.6.x (Mike DePaulo)
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
---
nx-X11/programs/Xserver/randr/rrsdispatch.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/nx-X11/programs/Xserver/randr/rrsdispatch.c b/nx-X11/programs/Xserver/randr/rrsdispatch.c
index 80d16b7..c4425ec 100644
--- a/nx-X11/programs/Xserver/randr/rrsdispatch.c
+++ b/nx-X11/programs/Xserver/randr/rrsdispatch.c
@@ -28,6 +28,7 @@ SProcRRQueryVersion (ClientPtr client)
register int n;
REQUEST(xRRQueryVersionReq);
+ REQUEST_SIZE_MATCH(xRRQueryVersionReq);
swaps(&stuff->length, n);
swapl(&stuff->majorVersion, n);
swapl(&stuff->minorVersion, n);
@@ -40,6 +41,7 @@ SProcRRGetScreenInfo (ClientPtr client)
register int n;
REQUEST(xRRGetScreenInfoReq);
+ REQUEST_SIZE_MATCH(xRRGetScreenInfoReq);
swaps(&stuff->length, n);
swapl(&stuff->window, n);
return (*ProcRandrVector[stuff->randrReqType]) (client);
@@ -75,6 +77,7 @@ SProcRRSelectInput (ClientPtr client)
register int n;
REQUEST(xRRSelectInputReq);
+ REQUEST_SIZE_MATCH(xRRSelectInputReq);
swaps(&stuff->length, n);
swapl(&stuff->window, n);
swaps(&stuff->enable, n);
--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
More information about the x2go-commits
mailing list