aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNathan Kidd <nkidd@opentext.com>2018-03-05 11:01:49 +0100
committerMihai Moldovan <ionic@ionic.de>2018-03-07 21:53:40 +0100
commit7017c22c2b5dcacc8e337029f7ed82f4bcafb819 (patch)
treec9fe57a24e6ad6fd1e2cf27184f24f2f8488e1e4
parentf3231601be0b83051c0c2732120a8f9f72e616d9 (diff)
downloadnx-libs-7017c22c2b5dcacc8e337029f7ed82f4bcafb819.tar.gz
nx-libs-7017c22c2b5dcacc8e337029f7ed82f4bcafb819.tar.bz2
nx-libs-7017c22c2b5dcacc8e337029f7ed82f4bcafb819.zip
Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185).
commit cad5a1050b7184d828aef9c1dd151c3ab649d37e Author: Nathan Kidd <nkidd@opentext.com> Date: Fri Jan 9 09:57:23 2015 -0500 Unvalidated lengths v2: Add overflow check and remove unnecessary check (Julien Cristau) This addresses: CVE-2017-12184 in XINERAMA CVE-2017-12185 in MIT-SCREEN-SAVER CVE-2017-12186 in X-Resource CVE-2017-12187 in RENDER Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Nathan Kidd <nkidd@opentext.com> Signed-off-by: Julien Cristau <jcristau@debian.org> Backported-to-NX-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
-rw-r--r--nx-X11/programs/Xserver/Xext/saver.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/nx-X11/programs/Xserver/Xext/saver.c b/nx-X11/programs/Xserver/Xext/saver.c
index 0b79a002b..89eebd7b1 100644
--- a/nx-X11/programs/Xserver/Xext/saver.c
+++ b/nx-X11/programs/Xserver/Xext/saver.c
@@ -1342,6 +1342,8 @@ ProcScreenSaverUnsetAttributes (ClientPtr client)
PanoramiXRes *draw;
int i;
+ REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq);
+
if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass(
client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess)))
return BadDrawable;