Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04 (xorg-server 1.15.1)

author: Mike DePaulo <mikedep333@gmail.com> 2015-01-10 12:03:47 -0500
committer: Mike DePaulo <mikedep333@gmail.com> 2015-01-10 12:03:47 -0500
commit: 0f3cca7b69ea6711c8f1963eb213ce8f1629091f (patch)
tree: 0df630c725acaa3516f27a36ec9c0194fbb132ad /xorg-server/Xi/chgfctl.c
parent: 9380c3137260167265f1b528dd3687517cf9449a (diff)
download: vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.gz
vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.bz2
vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/xorg-server/Xi/chgfctl.c b/xorg-server/Xi/chgfctl.c
index 6dcf60c66..224c2ba0a 100644
--- a/xorg-server/Xi/chgfctl.c
+++ b/xorg-server/Xi/chgfctl.c
@@ -467,6 +467,8 @@ ProcXChangeFeedbackControl(ClientPtr client)
         xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
 
         if (client->swapped) {
+            if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
+                return BadLength;
             swaps(&f->num_keysyms);
         }
         if (len !=
author	Mike DePaulo <mikedep333@gmail.com>	2015-01-10 12:03:47 -0500
committer	Mike DePaulo <mikedep333@gmail.com>	2015-01-10 12:03:47 -0500
commit	0f3cca7b69ea6711c8f1963eb213ce8f1629091f (patch)
tree	0df630c725acaa3516f27a36ec9c0194fbb132ad /xorg-server/Xi/chgfctl.c
parent	9380c3137260167265f1b528dd3687517cf9449a (diff)
download	vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.gz vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.bz2 vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.zip