aboutsummaryrefslogtreecommitdiff
path: root/xorg-server/os/access.c
diff options
context:
space:
mode:
authorMike DePaulo <mikedep333@gmail.com>2015-01-10 12:03:47 -0500
committerMike DePaulo <mikedep333@gmail.com>2015-01-10 12:03:47 -0500
commit0f3cca7b69ea6711c8f1963eb213ce8f1629091f (patch)
tree0df630c725acaa3516f27a36ec9c0194fbb132ad /xorg-server/os/access.c
parent9380c3137260167265f1b528dd3687517cf9449a (diff)
downloadvcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.gz
vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.tar.bz2
vcxsrv-0f3cca7b69ea6711c8f1963eb213ce8f1629091f.zip
Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04 (xorg-server 1.15.1)
Diffstat (limited to 'xorg-server/os/access.c')
-rw-r--r--xorg-server/os/access.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/xorg-server/os/access.c b/xorg-server/os/access.c
index 62c3d9925..1caedf6bb 100644
--- a/xorg-server/os/access.c
+++ b/xorg-server/os/access.c
@@ -1500,6 +1500,10 @@ GetHosts(void **data, int *pnHosts, int *pLen, BOOL * pEnabled)
for (host = validhosts; host; host = host->next) {
nHosts++;
n += pad_to_int32(host->len) + sizeof(xHostEntry);
+ /* Could check for INT_MAX, but in reality having more than 1mb of
+ hostnames in the access list is ridiculous */
+ if (n >= 1048576)
+ break;
}
if (n) {
*data = ptr = malloc(n);
@@ -1508,6 +1512,8 @@ GetHosts(void **data, int *pnHosts, int *pLen, BOOL * pEnabled)
}
for (host = validhosts; host; host = host->next) {
len = host->len;
+ if ((ptr + sizeof(xHostEntry) + len) > ((unsigned char *) *data + n))
+ break;
((xHostEntry *) ptr)->family = host->family;
((xHostEntry *) ptr)->length = len;
ptr += sizeof(xHostEntry);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 00:45:02 +0000