aboutsummaryrefslogtreecommitdiff
path: root/debian/patches/1004-CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch
blob: 1cc44d0d1af1c06ddfb3ad86df48adc24bc05469 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
From ac6694378e0ed4bdffa6e1318c9d4beda24a6b0e Mon Sep 17 00:00:00 2001
From: Mike DePaulo <mikedep333@gmail.com>
Date: Sun, 8 Feb 2015 20:12:25 -0500
Subject: [PATCH 04/40] CVE-2013-6462: unlimited sscanf overflows stack buffer
 in bdfReadCharacters() from xorg/lib/libXfont
 http://lists.x.org/archives/xorg-announce/2014-January/002389.html

Fixes cppcheck warning:
 [lib/libXfont/src/bitmap/bdfread.c:341]: (warning)
  scanf without field width limits can crash with huge input data.
---
 nx-X11/lib/font/bitmap/bdfread.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nx-X11/lib/font/bitmap/bdfread.c b/nx-X11/lib/font/bitmap/bdfread.c
index a6f0c1e..bccabd7 100644
--- a/nx-X11/lib/font/bitmap/bdfread.c
+++ b/nx-X11/lib/font/bitmap/bdfread.c
@@ -344,7 +344,7 @@ bdfReadCharacters(FontFilePtr file, FontPtr pFont, bdfFileState *pState,
 	char        charName[100];
 	int         ignore;
 
-	if (sscanf((char *) line, "STARTCHAR %s", charName) != 1) {
+	if (sscanf((char *) line, "STARTCHAR %99s", charName) != 1) {
 	    bdfError("bad character name in BDF file\n");
 	    goto BAILOUT;	/* bottom of function, free and return error */
 	}
-- 
2.1.4