From 39c6e5aa859c633fcb48e299643bb0189f333a0d Mon Sep 17 00:00:00 2001 From: Thomas Klausner Date: Tue, 25 Jun 2013 22:35:29 +0200 Subject: Tighten out-of-range comparisons. [For all of these, LONG_MAX was the correct value to prevent overflows for the recent CVEs. Lowering to INT_MAX catches buggy replies from the server that 32-bit clients would reject but 64-bit would accept, so we catch bugs sooner, and really, no sane & working server should ever report more than 2gb of extension names, font path entries, key modifier maps, etc. -alan- ] Reviewed-by: Alan Coopersmith Signed-off-by: Alan Coopersmith Backported-to-NX-by: Ulrich Sibiller --- nx-X11/lib/X11/GetFPath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'nx-X11/lib/X11/GetFPath.c') diff --git a/nx-X11/lib/X11/GetFPath.c b/nx-X11/lib/X11/GetFPath.c index abd4a5dbd..8f8c6144a 100644 --- a/nx-X11/lib/X11/GetFPath.c +++ b/nx-X11/lib/X11/GetFPath.c @@ -50,7 +50,7 @@ char **XGetFontPath( if (rep.nPaths) { flist = Xmalloc(rep.nPaths * sizeof (char *)); - if (rep.length < (LONG_MAX >> 2)) { + if (rep.length < (INT_MAX >> 2)) { nbytes = (unsigned long) rep.length << 2; ch = Xmalloc (nbytes + 1); /* +1 to leave room for last null-terminator */ -- cgit v1.2.3
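Review bot: The new bound in `if (rep.length < (INT_MAX >> 2)) {` is justified only in the commit message, so the check itself should carry a short comment saying INT_MAX is deliberate: LONG_MAX already prevented the overflow, and the tighter limit makes 64-bit clients reject the same oversized replies that 32-bit clients would. Without that, the `(unsigned long)` cast on the following line invites someone to "restore" LONG_MAX later. Two things this hunk does not show and that are worth confirming in the full function: that `ch` starts out as NULL, so a reply failing this check ends up in the allocation-failure handling rather than using an unset pointer, and that `rep.nPaths * sizeof (char *)` in the Xmalloc just above cannot wrap, since only `rep.length` is range-checked in the visible lines.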