aboutsummaryrefslogtreecommitdiff
path: root/xorg-server/include/dix.h
diff options
context:
space:
mode:
authorMike DePaulo <mikedep333@gmail.com>2015-01-10 12:03:47 -0500
committerMike DePaulo <mikedep333@gmail.com>2015-01-10 12:06:49 -0500
commit7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3 (patch)
treef2a4bfed7809a8e0bf4d06ec56a80191badba48b /xorg-server/include/dix.h
parent212ca5c6023b6b7455ad64b2c29aeff82f301a03 (diff)
downloadvcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.gz
vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.tar.bz2
vcxsrv-7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3.zip
Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04 (xorg-server 1.15.1)
Diffstat (limited to 'xorg-server/include/dix.h')
-rw-r--r--xorg-server/include/dix.h7
1 files changed, 6 insertions, 1 deletions
diff --git a/xorg-server/include/dix.h b/xorg-server/include/dix.h
index 82bb58cbc..821b0ed68 100644
--- a/xorg-server/include/dix.h
+++ b/xorg-server/include/dix.h
@@ -74,9 +74,14 @@ SOFTWARE.
if ((sizeof(req) >> 2) > client->req_len )\
return(BadLength)
+#define REQUEST_AT_LEAST_EXTRA_SIZE(req, extra) \
+ if (((sizeof(req) + ((uint64_t) extra)) >> 2) > client->req_len ) \
+ return(BadLength)
+
#define REQUEST_FIXED_SIZE(req, n)\
if (((sizeof(req) >> 2) > client->req_len) || \
- (((sizeof(req) + (n) + 3) >> 2) != client->req_len)) \
+ (((n) >> 2) >= client->req_len) || \
+ ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len)) \
return(BadLength)
#define LEGAL_NEW_RESOURCE(id,client)\