aboutsummaryrefslogtreecommitdiff
path: root/debian/patches/1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch')
-rw-r--r--debian/patches/1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/debian/patches/1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch b/debian/patches/1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch
new file mode 100644
index 000000000..6a1757d3c
--- /dev/null
+++ b/debian/patches/1030-randr-unvalidated-lengths-in-RandR-extension-sw.full.patch
@@ -0,0 +1,45 @@
+From cea44678dd6a9418460ead314fb2106924b081f7 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Sun, 26 Jan 2014 19:38:09 -0800
+Subject: [PATCH 30/40] randr: unvalidated lengths in RandR extension swapped
+ procs [CVE-2014-8101]
+
+v2: backport to nx-libs 3.6.x (Mike DePaulo)
+
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
+---
+ nx-X11/programs/Xserver/randr/rrsdispatch.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/nx-X11/programs/Xserver/randr/rrsdispatch.c b/nx-X11/programs/Xserver/randr/rrsdispatch.c
+index 80d16b7..c4425ec 100644
+--- a/nx-X11/programs/Xserver/randr/rrsdispatch.c
++++ b/nx-X11/programs/Xserver/randr/rrsdispatch.c
+@@ -28,6 +28,7 @@ SProcRRQueryVersion (ClientPtr client)
+ register int n;
+ REQUEST(xRRQueryVersionReq);
+
++ REQUEST_SIZE_MATCH(xRRQueryVersionReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->majorVersion, n);
+ swapl(&stuff->minorVersion, n);
+@@ -40,6 +41,7 @@ SProcRRGetScreenInfo (ClientPtr client)
+ register int n;
+ REQUEST(xRRGetScreenInfoReq);
+
++ REQUEST_SIZE_MATCH(xRRGetScreenInfoReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->window, n);
+ return (*ProcRandrVector[stuff->randrReqType]) (client);
+@@ -75,6 +77,7 @@ SProcRRSelectInput (ClientPtr client)
+ register int n;
+ REQUEST(xRRSelectInputReq);
+
++ REQUEST_SIZE_MATCH(xRRSelectInputReq);
+ swaps(&stuff->length, n);
+ swapl(&stuff->window, n);
+ swaps(&stuff->enable, n);
+--
+2.1.4
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-12 19:50:20 +0000