From 0d53194f7ef5980a7cd78950a4f3eb2b56e65746 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sun, 26 Jan 2014 17:18:54 -0800
Subject: xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]

v2: backport to nx-libs 3.6.x (Mike DePaulo)

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 nx-X11/programs/Xserver/Xext/xcmisc.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nx-X11/programs/Xserver/Xext/xcmisc.c b/nx-X11/programs/Xserver/Xext/xcmisc.c
index c7bb72d9b..0a9a09069 100644
--- a/nx-X11/programs/Xserver/Xext/xcmisc.c
+++ b/nx-X11/programs/Xserver/Xext/xcmisc.c
@@ -228,6 +228,7 @@ SProcXCMiscGetXIDList(client)
 {
     register int n;
     REQUEST(xXCMiscGetXIDListReq);
+    REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq);
 
     swaps(&stuff->length, n);
     swapl(&stuff->count, n);
-- 
cgit v1.2.3