[X2Go-Dev] [X2Go-Commits] [nx-libs] 13/52: LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0
Mihai Moldovan
ionic at ionic.de
Sun Feb 15 20:11:09 CET 2015
On 14.02.2015 05:47 PM, git-admin at x2go.org wrote:
> This is an automated email from the git hooks/post-receive script.
>
> x2go pushed a commit to branch 3.6.x
> in repository nx-libs.
>
> commit af55da1e9c1a6a352b24823a8f7062c288ffbbc0
> Author: Mike DePaulo <mikedep333 at gmail.com>
> Date: Sun Feb 8 19:15:20 2015 -0500
>
> LZW decompress: fix for CVE-2011-2895 From xorg/lib/Xfont commit d11ee5886e9d9ec610051a206b135a4cdc1e09a0
>
> Specially crafted LZW stream can crash an application using libXfont
> that is used to open untrusted font files. With X server, this may
> allow privilege escalation when exploited
> ---
> nx-X11/lib/font/fontfile/decompress.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c
> index a4c5468..553b315 100644
> --- a/nx-X11/lib/font/fontfile/decompress.c
> +++ b/nx-X11/lib/font/fontfile/decompress.c
> @@ -261,6 +261,8 @@ BufCompressedFill (BufFilePtr f)
> */
> while ( code >= 256 )
> {
> + if (stackp - de_stack >= STACK_SIZE - 1)
> + return BUFFILEEOF;
Personally, I would have written that as
if ((stackp - de_stack) >= (STACK_SIZE - 1))
But that's my personal style and I like to over-parenthesis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150215/33d0d544/attachment.pgp>
More information about the x2go-dev
mailing list