[X2Go-Commits] [nx-libs] 01/06: Security fixes: X.Org CVE-2014-8100:
git-admin at x2go.org
git-admin at x2go.org
Tue May 26 19:12:27 CEST 2015
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository nx-libs.
commit c19b58d09070aa54eb7458b0377bd4bd975e539d
Author: Mihai Moldovan <ionic at ionic.de>
Date: Tue May 26 18:00:00 2015 +0200
Security fixes: X.Org CVE-2014-8100:
v3: port to NXrender.c rather than render.c (Mike DePaulo)
v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
Changes:
- 1027-render-check-request-size-before-reading-it-CVE.full.patch
---
...k-request-size-before-reading-it-CVE.full.patch | 24 +++++++++++++++-----
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch b/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
index 9540dde..7e8fe35 100644
--- a/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
+++ b/debian/patches/1027-render-check-request-size-before-reading-it-CVE.full.patch
@@ -7,6 +7,8 @@ Subject: [PATCH 27/40] render: check request size before reading it
Otherwise we may be reading outside of the client request.
v2: backport to nx-libs 3.6.x (Mike DePaulo)
+v3: port to NXrender.c rather than render.c (Mike DePaulo)
+v4: backport v3 to nx-libs 3.5.0.x (Mihai Moldovan)
Signed-off-by: Julien Cristau <jcristau at debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith at oracle.com>
@@ -18,11 +20,24 @@ Conflicts:
nx-X11/programs/Xserver/render/render.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
-diff --git a/nx-X11/programs/Xserver/render/render.c b/nx-X11/programs/Xserver/render/render.c
-index d25d497..ebbce81 100644
--- a/nx-X11/programs/Xserver/render/render.c
+++ b/nx-X11/programs/Xserver/render/render.c
-@@ -283,10 +283,11 @@ ProcRenderQueryVersion (ClientPtr client)
+@@ -283,10 +283,11 @@ ProcRenderQueryVersion (ClientPtr client
+ register int n;
+ REQUEST(xRenderQueryVersionReq);
+
++ REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
++
+ pRenderClient->major_version = stuff->majorVersion;
+ pRenderClient->minor_version = stuff->minorVersion;
+
+- REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
+ rep.type = X_Reply;
+ rep.length = 0;
+ rep.sequenceNumber = client->sequence;
+--- a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
++++ b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
+@@ -326,10 +326,11 @@ ProcRenderQueryVersion (ClientPtr client
register int n;
REQUEST(xRenderQueryVersionReq);
@@ -35,6 +50,3 @@ index d25d497..ebbce81 100644
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
---
-2.1.4
-
--
Alioth's /srv/git/code.x2go.org/nx-libs.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/nx-libs.git
More information about the x2go-commits
mailing list