aboutsummaryrefslogtreecommitdiff
path: root/nxcomp/ServerReadBuffer.cpp
diff options
context:
space:
mode:
authorOlivier Fourdan <ofourdan@redhat.com>2015-01-16 20:08:59 +0100
committerMike DePaulo <mikedep333@gmail.com>2015-02-17 21:24:28 -0500
commit9308c79ba2757cb1a64e0040176b8290b435544f (patch)
treed409f4e736836ca755e8745b0c2b9e00171c34cd /nxcomp/ServerReadBuffer.cpp
parent3937db18a203f9936387286b95328f27013a5ffe (diff)
downloadnx-libs-9308c79ba2757cb1a64e0040176b8290b435544f.tar.gz
nx-libs-9308c79ba2757cb1a64e0040176b8290b435544f.tar.bz2
nx-libs-9308c79ba2757cb1a64e0040176b8290b435544f.zip
xkb: Don't swap XkbSetGeometry data in the input buffer
The XkbSetGeometry request embeds data which needs to be swapped when the server and the client have different endianess. _XkbSetGeometry() invokes functions that swap these data directly in the input buffer. However, ProcXkbSetGeometry() may call _XkbSetGeometry() more than once (if there is more than one keyboard), thus causing on swapped clients the same data to be swapped twice in memory, further causing a server crash because the strings lengths on the second time are way off bounds. To allow _XkbSetGeometry() to run reliably more than once with swapped clients, do not swap the data in the buffer, use variables instead. v3: backport to nx-libs 3.6.x as a prereq for the CVE-2015-0255 fix (Mike DePaulo) Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> (cherry picked from commit 81c90dc8f0aae3b65730409b1b615b5fa7280ebd) (cherry picked from commit 29be310c303914090298ddda93a5bd5d00a94945) Signed-off-by: Julien Cristau <jcristau@debian.org> index 2405090..7db0959 100644
Diffstat (limited to 'nxcomp/ServerReadBuffer.cpp')
0 files changed, 0 insertions, 0 deletions