Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04 (xorg-server 1.15.1)

author: Mike DePaulo <mikedep333@gmail.com> 2015-01-10 12:03:47 -0500
committer: Mike DePaulo <mikedep333@gmail.com> 2015-01-10 12:06:49 -0500
commit: 7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3 (patch)
tree: f2a4bfed7809a8e0bf4d06ec56a80191badba48b /xorg-server/include/dix.h
parent: 212ca5c6023b6b7455ad64b2c29aeff82f301a03 (diff)
download: vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.gz
vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.bz2
vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/xorg-server/include/dix.h b/xorg-server/include/dix.h
index 82bb58cbc..821b0ed68 100644
--- a/xorg-server/include/dix.h
+++ b/xorg-server/include/dix.h
@@ -74,9 +74,14 @@ SOFTWARE.
     if ((sizeof(req) >> 2) > client->req_len )\
          return(BadLength)
 
+#define REQUEST_AT_LEAST_EXTRA_SIZE(req, extra)  \
+    if (((sizeof(req) + ((uint64_t) extra)) >> 2) > client->req_len ) \
+         return(BadLength)
+
 #define REQUEST_FIXED_SIZE(req, n)\
     if (((sizeof(req) >> 2) > client->req_len) || \
-        (((sizeof(req) + (n) + 3) >> 2) != client->req_len)) \
+        (((n) >> 2) >= client->req_len) ||                              \
+        ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len))  \
          return(BadLength)
 
 #define LEGAL_NEW_RESOURCE(id,client)\
author	Mike DePaulo <mikedep333@gmail.com>	2015-01-10 12:03:47 -0500
committer	Mike DePaulo <mikedep333@gmail.com>	2015-01-10 12:06:49 -0500
commit	7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3 (patch)
tree	f2a4bfed7809a8e0bf4d06ec56a80191badba48b /xorg-server/include/dix.h
parent	212ca5c6023b6b7455ad64b2c29aeff82f301a03 (diff)
download	vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.gz vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.bz2 vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.zip