[X2Go-Dev] [X2Go-Commits] [nx-libs] 29/52: CVE-2014-0210: unvalidated length fields in fs_read_list_info() from xorg/lib/libXfont commit d338f81df1e188eb16e1d6aeea7f4800f89c1218
Mihai Moldovan
ionic at ionic.de
Sun Feb 15 22:20:04 CET 2015
On 14.02.2015 05:47 PM, git-admin at x2go.org wrote:
> This is an automated email from the git hooks/post-receive script.
>
> x2go pushed a commit to branch 3.6.x
> in repository nx-libs.
>
> commit b65259bf3bcca15b5069cb7a6c06f95a40f79813
> Author: Mike DePaulo <mikedep333 at gmail.com>
> Date: Sun Feb 8 22:38:32 2015 -0500
>
> CVE-2014-0210: unvalidated length fields in fs_read_list_info() from xorg/lib/libXfont commit d338f81df1e188eb16e1d6aeea7f4800f89c1218
>
> fs_read_list_info() parses a reply from the font server. The reply
> contains a number of additional data items with embedded length or
> count fields, none of which are validated. This can cause out of
> bound reads when looping over these items in the reply.
> ---
> nx-X11/lib/font/fc/fserve.c | 56 ++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 55 insertions(+), 1 deletion(-)
>
> diff --git a/nx-X11/lib/font/fc/fserve.c b/nx-X11/lib/font/fc/fserve.c
> index 60d9017..6ba3ad4 100644
> --- a/nx-X11/lib/font/fc/fserve.c
> +++ b/nx-X11/lib/font/fc/fserve.c
> @@ -2500,6 +2500,7 @@ fs_read_list_info(FontPathElementPtr fpe, FSBlockDataPtr blockrec)
> FSBlockedListInfoPtr binfo = (FSBlockedListInfoPtr) blockrec->data;
> fsListFontsWithXInfoReply *rep;
> char *buf;
> + long bufleft;
Same here.
Everything else in this patch looks OK.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150215/1ce34f78/attachment.pgp>
More information about the x2go-dev
mailing list