aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Cristau <jcristau@debian.org>2014-10-28 10:30:04 +0100
committerMike DePaulo <mikedep333@gmail.com>2015-05-24 19:02:56 -0400
commite469cff02d3093062ce9243185d55c516efdad0b (patch)
tree1a2ff09905c1f51c7fe52703239d803ea085388a
parentf7295831a0dd1b52fb68e41dd9e84e0850524835 (diff)
downloadnx-libs-e469cff02d3093062ce9243185d55c516efdad0b.tar.gz
nx-libs-e469cff02d3093062ce9243185d55c516efdad0b.tar.bz2
nx-libs-e469cff02d3093062ce9243185d55c516efdad0b.zip
render: check request size before reading it [CVE-2014-8100 1/2]
Otherwise we may be reading outside of the client request. v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: port to NXrender.c rather than render.c (Mike DePaulo) Signed-off-by: Julien Cristau <jcristau@debian.org> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Conflicts: render/render.c
Diffstat
-rw-r--r--nx-X11/programs/Xserver/hw/nxagent/NXrender.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
index 89e790135..8a0091042 100644
--- a/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
+++ b/nx-X11/programs/Xserver/hw/nxagent/NXrender.c
@@ -387,10 +387,11 @@ ProcRenderQueryVersion (ClientPtr client)
register int n;
REQUEST(xRenderQueryVersionReq);
+ REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
+
pRenderClient->major_version = stuff->majorVersion;
pRenderClient->minor_version = stuff->minorVersion;
- REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-05 06:18:04 +0000