NXv3 (redistributed) https://cgit.arctica-project.org/nx-libs/atom?h=3.5.99.16 2015-04-22T04:22:37+00:00 2015-04-22T04:22:37+00:00 Mike Gabriel mike.gabriel@das-netzwerkteam.de 2015-04-14T07:24:55+00:00 urn:sha1:70b77a0fc329e2e205a596a738c7307d354e7b1c 2015-04-16T12:09:07+00:00 Mike Gabriel mike.gabriel@das-netzwerkteam.de 2015-04-15T07:58:01+00:00 urn:sha1:bad67799229b94ea2ba0174319949766ad1c2fc6 2015-02-16T09:29:36+00:00 Joerg Sonnenberger joerg@britannica.bec.de 2011-08-21T16:51:53+00:00 urn:sha1:65deb86f8dab0c88e051b5ac416b7907433aa849 It ensures that all valid input can be decompressed, checks that the overflow conditions doesn't happen and generally tightens the validation of the LZW stream and doesn't pessimize the inner loop for no good reason. It's derived from a change in libarchive from 2004. v2: backports to nx-libs 3.6.x (Mihai Moldovan) v3: fix comment lines starting with "+" + whitespace fixes (Mike Gabriel) Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Reviewed-by: Tomas Hoger <thoger@redhat.com> 2015-02-16T09:29:14+00:00 Mike Gabriel mike.gabriel@das-netzwerkteam.de 2015-02-16T09:29:14+00:00 urn:sha1:18e337ddf410accec5bdf18c5d28bbd5f3ace7cb This reverts commit 6acafc9334828da22446380c81af81bde14b5d86. 2015-02-16T05:16:41+00:00 Joerg Sonnenberger joerg@britannica.bec.de 2011-08-21T16:51:53+00:00 urn:sha1:6acafc9334828da22446380c81af81bde14b5d86 It ensures that all valid input can be decompressed, checks that the overflow conditions doesn't happen and generally tightens the validation of the LZW stream and doesn't pessimize the inner loop for no good reason. It's derived from a change in libarchive from 2004. v2: backports to nx-libs 3.6.x (Mihai Moldovan) Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Reviewed-by: Tomas Hoger <thoger@redhat.com> 2015-02-16T05:03:48+00:00 Mihai Moldovan ionic@ionic.de 2015-02-16T05:03:48+00:00 urn:sha1:b04f11915e29d9563d279e1326f61b50ea414dba 2015-02-16T04:54:00+00:00 Mike DePaulo mikedep333@gmail.com 2015-02-09T02:03:33+00:00 urn:sha1:31322c2bd9be76493a5a04a23ea68e063fe3b7e6 The connection setup reply from the font server can include a list of alternate servers to contact if this font server stops working. The reply specifies a total size of all the font server names, and then provides a list of names. _fs_recv_conn_setup() allocated the specified total size for copying the names to, but didn't check to make sure it wasn't copying more data to that buffer than the size it had allocated. v2: use xfree() instead of free() for nx-libs 3.6.x (Mihai Moldovan) 2015-02-16T04:52:09+00:00 Mihai Moldovan ionic@ionic.de 2015-02-16T04:52:09+00:00 urn:sha1:c0d0e373d4c42c7813b1955fc18f5c9f63c725e0 This reverts commit 94c6de0649cd295044b1e4ff7265949c9c787519. 2015-02-16T04:47:25+00:00 Mike DePaulo mikedep333@gmail.com 2015-02-09T03:08:09+00:00 urn:sha1:e29bbd5bf0565eaf7c02f85a57b87f66531fa6b3 fs_read_query_info() parses a reply from the font server. The reply contains embedded length fields, none of which are validated. This can cause out of bound reads in either fs_read_query_info() or in _fs_convert_props() which it calls to parse the fsPropInfo in the reply. v2: apply correctly on nx-libs 3.6.x (Mihai Moldovan) 2015-02-16T04:26:40+00:00 Mihai Moldovan ionic@ionic.de 2015-02-16T04:26:40+00:00 urn:sha1:5fc2f57fb5520bb61e2c1f8b6fd2522b203b3b9d This reverts commit c6aebf9284855a0e24ad9c5ffdd36aa65e16bec7.