Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04 (xorg-server 1.15.1)

author: Mike DePaulo <mikedep333@gmail.com> 2015-01-10 12:03:47 -0500
committer: Mike DePaulo <mikedep333@gmail.com> 2015-01-10 12:06:49 -0500
commit: 7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3 (patch)
tree: f2a4bfed7809a8e0bf4d06ec56a80191badba48b /xorg-server/glx/unpack.h
parent: 212ca5c6023b6b7455ad64b2c29aeff82f301a03 (diff)
download: vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.gz
vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.bz2
vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/xorg-server/glx/unpack.h b/xorg-server/glx/unpack.h
index 52fba74e1..2b1ebcf02 100644
--- a/xorg-server/glx/unpack.h
+++ b/xorg-server/glx/unpack.h
@@ -83,7 +83,8 @@ extern xGLXSingleReply __glXReply;
 ** pointer.
 */
 #define __GLX_GET_ANSWER_BUFFER(res,cl,size,align)			 \
-    if ((size) > sizeof(answerBuffer)) {				 \
+    if (size < 0) return BadLength;                                      \
+    else if ((size) > sizeof(answerBuffer)) {				 \
 	int bump;							 \
 	if ((cl)->returnBufSize < (size)+(align)) {			 \
 	    (cl)->returnBuf = (GLbyte*)realloc((cl)->returnBuf,	 	 \
author	Mike DePaulo <mikedep333@gmail.com>	2015-01-10 12:03:47 -0500
committer	Mike DePaulo <mikedep333@gmail.com>	2015-01-10 12:06:49 -0500
commit	7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3 (patch)
tree	f2a4bfed7809a8e0bf4d06ec56a80191badba48b /xorg-server/glx/unpack.h
parent	212ca5c6023b6b7455ad64b2c29aeff82f301a03 (diff)
download	vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.gz vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.bz2 vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.zip