[X2Go-Commits] [nx-libs] 16/40: render: check request size before reading it [CVE-2014-8100 1/2]
git-admin at x2go.org
git-admin at x2go.org
Sat Jun 20 00:03:23 CEST 2015
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch 3.6.x
in repository nx-libs.
commit e469cff02d3093062ce9243185d55c516efdad0b
Author: Julien Cristau <jcristau at debian.org>
Date: Tue Oct 28 10:30:04 2014 +0100
render: check request size before reading it [CVE-2014-8100 1/2]
Otherwise we may be reading outside of the client request.
v2: backport to nx-libs 3.6.x (Mike DePaulo)
v3: port to NXrender.c rather than render.c (Mike DePaulo)
Signed-off-by: Julien Cristau <jcristau at debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
Conflicts:
render/render.c
---
nx-X11/programs/Xserver/hw/nxagent/NXrender.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
index 89e7901..8a00910 100644
--- a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
+++ b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
@@ -387,10 +387,11 @@ ProcRenderQueryVersion (ClientPtr client)
register int n;
REQUEST(xRenderQueryVersionReq);
+ REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
+
pRenderClient->major_version = stuff->majorVersion;
pRenderClient->minor_version = stuff->minorVersion;
- REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
--
Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
More information about the x2go-commits
mailing list