aboutsummaryrefslogtreecommitdiff
path: root/nx-X11/lib/X11/cmsColNm.c
Commit message (Collapse)AuthorAgeFilesLines
* Integer overflows in stringSectionSize() cause buffer overflow in ↵Alan Coopersmith2016-10-121-6/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | ReadColornameDB() [CVE-2013-1981 6/13] LoadColornameDB() calls stringSectionSize() to do a first pass over the file (which may be provided by the user via XCMSDB environment variable) to determine how much memory needs to be allocated to read in the file, then allocates the returned sizes and calls ReadColornameDB() to load the data from the file into that newly allocated memory. If stringSectionSize() overflows the signed ints used to calculate the file size (say if you have an xcmsdb with ~4 billion lines in or a combined string length of ~4 gig - which while it may have been inconceivable when Xlib was written, is quite possible today), then LoadColornameDB() may allocate a memory buffer much smaller than the amount of data ReadColornameDB() will write to it. The total size is left limited to an int, because if your xcmsdb file is larger than 2gb, you're doing it wrong. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr> Signed-off-by: Julien Cristau <jcristau@debian.org> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
* update xcms files to libX11 1.3.4Ulrich Sibiller2016-10-101-9/+16
|
* VCS info lines: Remove ancient X.org / XFree86 VCS info line from code files.Mike Gabriel2016-07-061-3/+0
| | | | | This has already been started while replacing copyright info in file headers and has now been completed with this commit.
* Clear header file namespace separation (<X11/...> vs. <nx-X11/...>).Mike Gabriel2015-12-281-2/+2
| | | | | | | | | | | | | | | | | | | | In the process of building nxagent against more and more system-wide installed X.org libraries, we come to the limit of including structs from this (bundled nx-X11) and that (system-wide X.Org) library. This commit introduces a clear namespace separation of headers provided by nx-X11 and headers provided by X.Org. This approach is only temporary as we want to drop all nx-X11 bundled libraries from nx-libs. However, for a while we need to make this separation clear and also ship some reduced fake X.Org headers that avoid pulling in libX* and libNX_X* symbols at the same time. This patch has been tested on Debian jessie and unstable and requires no overall testing on various distros and distro versions, as we finally will drop all libNX_X* libraries and build against X.org's client libs. For now, this hack eases our development / cleanup process.
* Imported nx-X11-3.1.0-1.tar.gznx-X11/3.1.0-1Reinhard Tartler2011-10-101-0/+1034
Summary: Imported nx-X11-3.1.0-1.tar.gz Keywords: Imported nx-X11-3.1.0-1.tar.gz into Git repository