aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/lib/X11/ModMap.c
Commit message (Collapse)AuthorAgeFilesLines
* The validation of server responses avoids out of boundary accesses.Tobias Stoeckmann2016-10-191-1/+2
| | | | | | | | | v2: FontNames.c return a NULL list whenever a single length field from the server is incohent. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* Remove redundant null checks before freewalter harms2016-10-191-3/+2
| | | | | | | | | | | This patch removes some redundant null checks before free. It should not change the code otherwise. Be aware that this is only the first series. Signed-off-by: Harms <wharms@bfs,de> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* Remove unnecessary casts of pointers to (char *) in calls to Xfree()Alan Coopersmith2016-10-191-4/+4
| | | | | | | | Left one cast behind that is necessary to change from const char * to char * in nx-X11/lib/X11/lcCharSet.c. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* XSetModifierMapping: Use Data instead of GetReqExtraAlan Coopersmith2016-10-191-9/+3
| | | | | | | | Handle arbitrary length data in the same fashion as other calls, avoiding need to ensure it fits all in the request buffer. Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* libX11: check size of GetReqExtra after XFlushKees Cook2016-10-191-3/+7
| | | | | | | | | | | | | | | | | | | | | | | Two users of GetReqExtra pass arbitrarily sized allocations from the caller (ModMap and Host). Adjust _XGetRequest() (called by the GetReqExtra macro) to double-check the requested length and invalidate "req" when this happens. Users of GetReqExtra passing lengths greater than the Xlib buffer size (normally 16K) must check "req" and fail gracefully instead of crashing. Any callers of GetReqExtra that do not check "req" for NULL will experience this change, in the pathological case, as a NULL dereference instead of a buffer overflow. This is an improvement, but the documentation for GetReqExtra has been updated to reflect the need to check the value of "req" after the call. Bug that manifested the problem: https://bugs.launchpad.net/ubuntu/+source/x11-xserver-utils/+bug/792628 Signed-off-by: Kees Cook <kees@outflux.net> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* Tighten out-of-range comparisons.Thomas Klausner2016-10-191-1/+1
| | | | | | | | | | | | | [For all of these, LONG_MAX was the correct value to prevent overflows for the recent CVEs. Lowering to INT_MAX catches buggy replies from the server that 32-bit clients would reject but 64-bit would accept, so we catch bugs sooner, and really, no sane & working server should ever report more than 2gb of extension names, font path entries, key modifier maps, etc. -alan- ] Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* Remove more unnecessary casts from Xmalloc/calloc callsAlan Coopersmith2016-10-191-2/+2
| | | | | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* integer overflow in XGetModifierMapping() [CVE-2013-1981 13/13]Alan Coopersmith2016-10-121-4/+9
| | | | | | | | | Ensure that we don't underallocate when the server claims a very large reply Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr> Signed-off-by: Julien Cristau <jcristau@debian.org> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* update src files *[ch] to libX11 1.3.4Ulrich Sibiller2016-10-101-11/+8
|
* VCS info lines: Remove ancient X.org / XFree86 VCS info line from code files.Mike Gabriel2016-07-061-2/+0
| | | | | This has already been started while replacing copyright info in file headers and has now been completed with this commit.
* remove unreferenced NEED_EVENTS/NEED_REPLIESUlrich Sibiller2016-07-051-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove defines of NEED_EVENTS and NEED_REPLIES because they are never used anywhere. Basically these three commits, but as they are newer and to not match the code structure the patches have not been applied but replaced by sed + manual intervention: From cb95642dc8edebb2935dd471f8b339cb98aa8481 Mon Sep 17 00:00:00 2001 From: Peter Hutterer <peter.hutterer@redhat.com> Date: Fri, 28 Nov 2008 22:28:32 +1000 Subject: Remove #define NEED_EVENTS and NEED_REPLIES A grep on xorg/* revealed there's no consumer of this define. Quote Alan Coopersmith: "The consumer was in past versions of the headers now located in proto/x11proto - for instance, in X11R6.0's xc/include/Xproto.h, all the event definitions were only available if NEED_EVENTS were defined, and all the reply definitions required NEED_REPLIES. Looks like Xproto.h dropped them by X11R6.3, which didn't have the #ifdef's anymore, so these are truly ancient now." Signed-off-by: Peter Hutterer <peter.hutterer@redhat.com> Signed-off-by: Adam Jackson <ajax@redhat.com> -- From 6de368c9aa7ccd2fcd62fca5a2b278913db4d03d Mon Sep 17 00:00:00 2001 From: Fernando Carrijo <fcarrijo@yahoo.com.br> Date: Thu, 1 Jul 2010 06:50:47 -0300 Subject: Purge macros NEED_EVENTS and NEED_REPLIES Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br> Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> -- From 57c03e52e6b4e3ed54df5fdd778865467d08e119 Mon Sep 17 00:00:00 2001 From: Fernando Carrijo <fcarrijo@yahoo.com.br> Date: Thu, 1 Jul 2010 06:59:48 -0300 Subject: Purge macro NEED_EVENTS Signed-off-by: Fernando Carrijo <fcarrijo@yahoo.com.br> Acked-by: Tiago Vignatti <tiago.vignatti@nokia.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
* Imported nx-X11-3.1.0-1.tar.gznx-X11/3.1.0-1Reinhard Tartler2011-10-101-0/+187
Summary: Imported nx-X11-3.1.0-1.tar.gz Keywords: Imported nx-X11-3.1.0-1.tar.gz into Git repository