Diffstat (limited to 'xorg-server/os')
-rw-r--r--xorg-server/os/access.c6
-rw-r--r--xorg-server/os/rpcauth.c4
2 files changed, 10 insertions, 0 deletions
diff --git a/xorg-server/os/access.c b/xorg-server/os/access.c
index 62c3d9925..1caedf6bb 100644
--- a/xorg-server/os/access.c
+++ b/xorg-server/os/access.c
@@ -1500,6 +1500,10 @@ GetHosts(void **data, int *pnHosts, int *pLen, BOOL * pEnabled)
for (host = validhosts; host; host = host->next) {
nHosts++;
n += pad_to_int32(host->len) + sizeof(xHostEntry);
+ /* Could check for INT_MAX, but in reality having more than 1mb of
+ hostnames in the access list is ridiculous */
+ if (n >= 1048576)
+ break;
}
if (n) {
*data = ptr = malloc(n);
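Review bot: The cap `if (n >= 1048576) break;` truncates the host list silently: once the limit is reached, nHosts and n stop growing and the caller gets a shorter list than validhosts holds, with no log line or error to show it happened. The test also runs after the addition, so it relies on each `host->len` being small enough that `n` cannot wrap first; that bound is not visible in this hunk and would be worth stating in the comment. I would name the limit, e.g. `#define GETHOSTS_MAX_REPLY_BYTES (1024 * 1024)` (name constructed for this note), and extend the comment to `/* Cap the reply at 1 MiB; entries past the cap are omitted from the returned list */`. GetHosts starts before and continues after the hunk.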
@@ -1508,6 +1512,8 @@ GetHosts(void **data, int *pnHosts, int *pLen, BOOL * pEnabled)
}
for (host = validhosts; host; host = host->next) {
len = host->len;
+ if ((ptr + sizeof(xHostEntry) + len) > ((unsigned char *) *data + n))
+ break;
((xHostEntry *) ptr)->family = host->family;
((xHostEntry *) ptr)->length = len;
ptr += sizeof(xHostEntry);
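Review bot: The added bounds test forms `ptr + sizeof(xHostEntry) + len` before comparing, and computing a pointer more than one past the end of the allocated buffer is undefined behaviour, so the check may be optimised on the assumption that it never happens. Comparing sizes avoids that: `if (sizeof(xHostEntry) + len > (size_t) (((unsigned char *) *data + n) - ptr)) break;`. This assumes `len` is non-negative and `ptr` is an `unsigned char *` into `*data`; both declarations are outside the hunk. The check uses the unpadded `len` while the first loop sized the buffer with `pad_to_int32(host->len)`, which is enough for the copy but deserves a one-line comment such as `/* first loop reserved padded space; this guards the write itself */`. The loop body continues past the end of the hunk.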
diff --git a/xorg-server/os/rpcauth.c b/xorg-server/os/rpcauth.c
index d60ea3518..413cc6118 100644
--- a/xorg-server/os/rpcauth.c
+++ b/xorg-server/os/rpcauth.c
@@ -66,6 +66,10 @@ authdes_ezdecode(const char *inmsg, int len)
SVCXPRT xprt;
temp_inmsg = malloc(len);
+ if (temp_inmsg == NULL) {
+ why = AUTH_FAILED; /* generic error, since there is no AUTH_BADALLOC */
+ return NULL;
+ }
memmove(temp_inmsg, inmsg, len);
memset((char *) &msg, 0, sizeof(msg));
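Review bot: `len` is a signed int that reaches `malloc(len)` and `memmove(temp_inmsg, inmsg, len)` without a range check, so a negative value is converted to a very large size_t; the added NULL test catches that case only because the allocation then fails. An explicit guard before the allocation makes the intent visible: `if (len <= 0) { why = AUTH_FAILED; return NULL; }` (whether a zero length should be rejected depends on the callers, which are outside this hunk). It also keeps the result independent of whether `malloc(0)` returns NULL on a given platform. authdes_ezdecode begins and ends outside the hunk.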