author | Mihai Moldovan <ionic@ionic.de> | 2017-12-15 12:55:17 +0100 |
---|---|---|
committer | Mihai Moldovan <ionic@ionic.de> | 2017-12-15 12:55:17 +0100 |
commit | 1dad092caf01d733990648e6df64cbf964df5143 (patch) | |
tree | 39de0e643e76754a3e23ca9dd0350b8ba4f76250 /debian/patches/1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch | |
parent | 6d70b9e3c47f27a166f4aacb522c5c1e49092dd9 (diff) | |
parent | 2b9025f797ee322e21077e100c2ee27c2e7fa0e0 (diff) | |
Merge branch '3.6.x'
Diffstat (limited to 'debian/patches/1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch')
-rw-r--r-- | debian/patches/1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/debian/patches/1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch b/debian/patches/1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch
deleted file mode 100644
index 87b55abf1..000000000
--- a/debian/patches/1022-dix-integer-overflow-in-REQUEST_FIXED_SIZE-CVE-.full.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 82d7279ebfa04f319e68145b3adbf65716e59584 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Wed, 22 Jan 2014 23:44:46 -0800
-Subject: [PATCH 22/40] dix: integer overflow in REQUEST_FIXED_SIZE()
- [CVE-2014-8092 4/4]
-
-Force use of 64-bit integers when evaluating data provided by clients
-in 32-bit fields which can overflow when added or multiplied during
-checks.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
-RHEL5: add #include <stdint.h> for uint64_t
-v3: backport to nx-libs 3.6.x (Mike DePaulo)
----
- nx-X11/programs/Xserver/include/dix.h | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
---- a/nx-X11/programs/Xserver/include/dix.h
-+++ b/nx-X11/programs/Xserver/include/dix.h
-@@ -50,6 +50,8 @@ SOFTWARE.
- #ifndef DIX_H
- #define DIX_H
-
-+#include <stdint.h>
-+
- #include "gc.h"
- #include "window.h"
- #include "input.h"
-@@ -73,7 +75,8 @@ SOFTWARE.
-
- #define REQUEST_FIXED_SIZE(req, n)\
- if (((sizeof(req) >> 2) > client->req_len) || \
-- (((sizeof(req) + (n) + 3) >> 2) != client->req_len)) \
-+ ((n >> 2) >= client->req_len) || \
-+ ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len)) \
- return(BadLength)
-
- #define LEGAL_NEW_RESOURCE(id,client)\ |