From e1938c189223164f3a75cf848e90ecc1d2e55d15 Mon Sep 17 00:00:00 2001
From: Ulrich Sibiller <uli42@gmx.de>
Date: Wed, 22 Aug 2018 22:30:34 +0200
Subject: libNX_X11: upgrade to X.org upstream version 1.6.6

We are at X.Org libX11 upstream commit 733f64b

Fixes: ArcticaProject/nx-libs #716, #719 and #720
---
 nx-X11/lib/src/LiHosts.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

(limited to 'nx-X11/lib/src/LiHosts.c')

diff --git a/nx-X11/lib/src/LiHosts.c b/nx-X11/lib/src/LiHosts.c
index 29c36ffb5..315e4dbb4 100644
--- a/nx-X11/lib/src/LiHosts.c
+++ b/nx-X11/lib/src/LiHosts.c
@@ -119,11 +119,16 @@ XHostAddress *XListHosts (
 	_XRead (dpy, (char *) buf, nbytes);
 
 	for (i = 0; i < reply.nHosts; i++) {
+	    if (bp > buf + nbytes - SIZEOF(xHostEntry))
+		goto fail;
 	    op->family = ((xHostEntry *) bp)->family;
 	    op->length =((xHostEntry *) bp)->length;
 	    if (op->family == FamilyServerInterpreted) {
 		char *tp = (char *) (bp + SIZEOF(xHostEntry));
-		char *vp = memchr(tp, 0, op->length);
+		char *vp;
+		if (tp > (char *) (buf + nbytes - op->length))
+		    goto fail;
+		vp = memchr(tp, 0, op->length);
 
 		if (vp != NULL) {
 		    sip->type = tp;
@@ -138,6 +143,8 @@ XHostAddress *XListHosts (
 		sip++;
 	    } else {
 		op->address = (char *) (bp + SIZEOF(xHostEntry));
+		if (op->address > (char *) (buf + nbytes - op->length))
+		    goto fail;
 	    }
 	    bp += SIZEOF(xHostEntry) + (((op->length + 3) >> 2) << 2);
 	    op++;
@@ -149,9 +156,9 @@ XHostAddress *XListHosts (
     UnlockDisplay(dpy);
     SyncHandle();
     return (outbuf);
+fail:
+    *enabled = reply.enabled;
+    *nhosts = 0;
+    Xfree(outbuf);
+    return (NULL);
 }
-
-
-
-
-
-- 
cgit v1.2.3