aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2014-01-22 22:37:15 -0800
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2015-02-14 16:14:32 +0100
commited1e13a1f4e316bcf0dc0d4b2c16b1df3f075005 (patch)
tree37604d6c64ea88fd97a25c78d49d6d0a50ce99a8 /ChangeLog
parentd4c76981f7fddb364166464c571ed8d3de3086cd (diff)
downloadnx-libs-ed1e13a1f4e316bcf0dc0d4b2c16b1df3f075005.tar.gz
nx-libs-ed1e13a1f4e316bcf0dc0d4b2c16b1df3f075005.tar.bz2
nx-libs-ed1e13a1f4e316bcf0dc0d4b2c16b1df3f075005.zip
dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
RegionSizeof contains several integer overflows if a large length value is passed in. Once we fix it to return 0 on overflow, we also have to fix the callers to handle this error condition v2: Fixed limit calculation in RegionSizeof as pointed out by jcristau. v3: backport to nx-libs 3.6.x (Mike DePaulo) Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> Reviewed-by: Julien Cristau <jcristau@debian.org> Conflicts: dix/region.c include/regionstr.h
Diffstat (limited to 'ChangeLog')
0 files changed, 0 insertions, 0 deletions