From 7e1c3b94f42dfc5e52f0f724b6bf7d03e3b743e3 Mon Sep 17 00:00:00 2001
From: Mike DePaulo <mikedep333@gmail.com>
Date: Sat, 10 Jan 2015 12:03:47 -0500
Subject: Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04
 (xorg-server 1.15.1)

---
 xorg-server/include/dix.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'xorg-server/include/dix.h')

diff --git a/xorg-server/include/dix.h b/xorg-server/include/dix.h
index 82bb58cbc..821b0ed68 100644
--- a/xorg-server/include/dix.h
+++ b/xorg-server/include/dix.h
@@ -74,9 +74,14 @@ SOFTWARE.
     if ((sizeof(req) >> 2) > client->req_len )\
          return(BadLength)
 
+#define REQUEST_AT_LEAST_EXTRA_SIZE(req, extra)  \
+    if (((sizeof(req) + ((uint64_t) extra)) >> 2) > client->req_len ) \
+         return(BadLength)
+
 #define REQUEST_FIXED_SIZE(req, n)\
     if (((sizeof(req) >> 2) > client->req_len) || \
-        (((sizeof(req) + (n) + 3) >> 2) != client->req_len)) \
+        (((n) >> 2) >= client->req_len) ||                              \
+        ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len))  \
          return(BadLength)
 
 #define LEGAL_NEW_RESOURCE(id,client)\
-- 
cgit v1.2.3