| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[CVE-2013-2004 1/2]
GetIncludeFile() can call GetDatabase() which can call GetIncludeFile()
which can call GetDatabase() which can call GetIncludeFile() ....
eventually causing recursive stack overflow and crash.
Easily reproduced with a resource file that #includes itself.
Limit is set to a include depth of 100 files, which should be enough
for all known use cases, but could be adjusted later if necessary.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
|
|
|
|
|
|
|
|
|
|
| |
Tracked variable "size" was passed to a negative sink.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Ander Conselvan de Oliveira <ander.conselvan-de-oliveira@nokia.com>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit be3e6c205d94dedc1cdebf5d17b987f0f828377a)
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
|
| |
|
|
|
|
|
| |
This has already been started while replacing copyright info in file
headers and has now been completed with this commit.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the process of building nxagent against more and more system-wide installed
X.org libraries, we come to the limit of including structs from this (bundled
nx-X11) and that (system-wide X.Org) library.
This commit introduces a clear namespace separation of headers provided by
nx-X11 and headers provided by X.Org. This approach is only temporary as we
want to drop all nx-X11 bundled libraries from nx-libs.
However, for a while we need to make this separation clear and also ship
some reduced fake X.Org headers that avoid pulling in libX* and libNX_X*
symbols at the same time.
This patch has been tested on Debian jessie and unstable and requires no
overall testing on various distros and distro versions, as we finally will
drop all libNX_X* libraries and build against X.org's client libs.
For now, this hack eases our development / cleanup process.
|
|
Summary: Imported nx-X11-3.1.0-1.tar.gz
Keywords:
Imported nx-X11-3.1.0-1.tar.gz
into Git repository
|