From 7017c22c2b5dcacc8e337029f7ed82f4bcafb819 Mon Sep 17 00:00:00 2001 From: Nathan Kidd Date: Mon, 5 Mar 2018 11:01:49 +0100 Subject: Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185). commit cad5a1050b7184d828aef9c1dd151c3ab649d37e Author: Nathan Kidd Date: Fri Jan 9 09:57:23 2015 -0500 Unvalidated lengths v2: Add overflow check and remove unnecessary check (Julien Cristau) This addresses: CVE-2017-12184 in XINERAMA CVE-2017-12185 in MIT-SCREEN-SAVER CVE-2017-12186 in X-Resource CVE-2017-12187 in RENDER Reviewed-by: Jeremy Huddleston Sequoia Reviewed-by: Julien Cristau Signed-off-by: Nathan Kidd Signed-off-by: Julien Cristau Backported-to-NX-by: Mike Gabriel --- nx-X11/programs/Xserver/Xext/saver.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'nx-X11') diff --git a/nx-X11/programs/Xserver/Xext/saver.c b/nx-X11/programs/Xserver/Xext/saver.c index 0b79a002b..89eebd7b1 100644 --- a/nx-X11/programs/Xserver/Xext/saver.c +++ b/nx-X11/programs/Xserver/Xext/saver.c @@ -1342,6 +1342,8 @@ ProcScreenSaverUnsetAttributes (ClientPtr client) PanoramiXRes *draw; int i; + REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq); + if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass( client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess))) return BadDrawable; -- cgit v1.2.3