aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/programs/Xserver/Xext/security.c.NX.original
diff options
context:
space:
mode:
authorReinhard Tartler <siretart@tauware.de>2011-10-10 17:47:30 +0200
committerReinhard Tartler <siretart@tauware.de>2011-10-10 17:47:30 +0200
commit30463b084b2833193aa6fdc2ceafefc8a1c06fee (patch)
treefd062f7ac7b98d742a781d5f95e59cbb38fb81bc /nx-X11/programs/Xserver/Xext/security.c.NX.original
parent713da22603c4abc7a97feddd931f29c507b7984b (diff)
downloadnx-libs-30463b084b2833193aa6fdc2ceafefc8a1c06fee.tar.gz
nx-libs-30463b084b2833193aa6fdc2ceafefc8a1c06fee.tar.bz2
nx-libs-30463b084b2833193aa6fdc2ceafefc8a1c06fee.zip
Imported nx-X11-3.2.0-2.tar.gznx-X11/3.2.0-2
Summary: Imported nx-X11-3.2.0-2.tar.gz Keywords: Imported nx-X11-3.2.0-2.tar.gz into Git repository
Diffstat (limited to 'nx-X11/programs/Xserver/Xext/security.c.NX.original')
-rw-r--r--nx-X11/programs/Xserver/Xext/security.c.NX.original10
1 files changed, 7 insertions, 3 deletions
diff --git a/nx-X11/programs/Xserver/Xext/security.c.NX.original b/nx-X11/programs/Xserver/Xext/security.c.NX.original
index cee89354a..e3cca43eb 100644
--- a/nx-X11/programs/Xserver/Xext/security.c.NX.original
+++ b/nx-X11/programs/Xserver/Xext/security.c.NX.original
@@ -813,15 +813,19 @@ SProcSecurityGenerateAuthorization(
register char n;
CARD32 *values;
unsigned long nvalues;
+ int values_offset;
swaps(&stuff->length, n);
REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq);
swaps(&stuff->nbytesAuthProto, n);
swaps(&stuff->nbytesAuthData, n);
swapl(&stuff->valueMask, n);
- values = (CARD32 *)(&stuff[1]) +
- ((stuff->nbytesAuthProto + (unsigned)3) >> 2) +
- ((stuff->nbytesAuthData + (unsigned)3) >> 2);
+ values_offset = ((stuff->nbytesAuthProto + (unsigned)3) >> 2) +
+ ((stuff->nbytesAuthData + (unsigned)3) >> 2);
+ if (values_offset >
+ stuff->length - (sz_xSecurityGenerateAuthorizationReq >> 2))
+ return BadLength;
+ values = (CARD32 *)(&stuff[1]) + values_offset;
nvalues = (((CARD32 *)stuff) + stuff->length) - values;
SwapLongs(values, nvalues);
return ProcSecurityGenerateAuthorization(client);