author | Nathan Kidd <nkidd@opentext.com> | 2018-03-05 11:01:49 +0100 |
---|---|---|
committer | Mihai Moldovan <ionic@ionic.de> | 2018-03-07 21:53:40 +0100 |
commit | 7017c22c2b5dcacc8e337029f7ed82f4bcafb819 (patch) | |
tree | c9fe57a24e6ad6fd1e2cf27184f24f2f8488e1e4 /nx-X11/programs/Xserver/Xext | |
parent | f3231601be0b83051c0c2732120a8f9f72e616d9 (diff) | |
download | nx-libs-7017c22c2b5dcacc8e337029f7ed82f4bcafb819.tar.gz nx-libs-7017c22c2b5dcacc8e337029f7ed82f4bcafb819.tar.bz2 nx-libs-7017c22c2b5dcacc8e337029f7ed82f4bcafb819.zip |
Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185).
commit cad5a1050b7184d828aef9c1dd151c3ab649d37e
Author: Nathan Kidd <nkidd@opentext.com>
Date: Fri Jan 9 09:57:23 2015 -0500
Unvalidated lengths
v2: Add overflow check and remove unnecessary check (Julien Cristau)
This addresses:
CVE-2017-12184 in XINERAMA
CVE-2017-12185 in MIT-SCREEN-SAVER
CVE-2017-12186 in X-Resource
CVE-2017-12187 in RENDER
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Backported-to-NX-by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Diffstat (limited to 'nx-X11/programs/Xserver/Xext')
-rw-r--r-- | nx-X11/programs/Xserver/Xext/saver.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nx-X11/programs/Xserver/Xext/saver.c b/nx-X11/programs/Xserver/Xext/saver.c index 0b79a002b..89eebd7b1 100644 --- a/nx-X11/programs/Xserver/Xext/saver.c +++ b/nx-X11/programs/Xserver/Xext/saver.c @@ -1342,6 +1342,8 @@ ProcScreenSaverUnsetAttributes (ClientPtr client) PanoramiXRes *draw; int i; + REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq); + if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass( client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess))) return BadDrawable; |
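Review bot: the REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq) added after the declarations in ProcScreenSaverUnsetAttributes validates the request length for this handler only, and the diffstat shows no other change to saver.c. The placement is right, since it runs before the first read of stuff->drawable in the SecurityLookupIDByClass call. However, the local PanoramiXRes *draw suggests this is the PanoramiX branch, so please confirm that the non-PanoramiX path and any byte-swapped dispatch for this request also check the length before touching stuff. Separately, the retained upstream message lists four CVEs while this backport touches only the MIT-SCREEN-SAVER file. A line in the message saying where the XINERAMA, X-Resource and RENDER parts are handled would make the history easier to audit.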