[X2Go-Dev] [X2Go-Commits] [nx-libs] 19/52: CVE-2014-0210: unvalidated length in _fs_recv_conn_setup() from xorg/lib/libXfont commit 891e084b26837162b12f841060086a105edde86d
Mihai Moldovan
ionic at ionic.de
Mon Feb 16 06:23:23 CET 2015
On 15.02.2015 09:10 PM, Michael DePaulo wrote:
> I am actually not sure, I need to learn memory management better.
>
> The upstream commit uses and free(alts), and malloc is used before it:
> http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=891e084b26837162b12f841060086a105edde86d
> And that is what I based my commit/patch on.
>
> However, the RHEL5 patch also uses free(alts), and xalloc is used before it:
> ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/os/SRPMS/libXfont-1.2.2-1.0.6.el5_11.src.rpm
> (0003-CVE-2014-0210-unvalidated-length-in-_fs_recv_conn_se.patch)
> The patch doesn't specify who resolved the RHEL5 conflict, but it was
> probably Adam Jackson. (ajax)
It really doesn't matter, but I'd like to keep consistency. xfree() is a
macro for Xfree() which is a macro for free().
http://code.x2go.org/gitweb?p=nx-libs.git;a=commitdiff;h=31322c2bd9be76493a5a04a23ea68e063fe3b7e6;hp=c0d0e373d4c42c7813b1955fc18f5c9f63c725e0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150216/82d3b91d/attachment.pgp>
More information about the x2go-dev
mailing list