From 0f3cca7b69ea6711c8f1963eb213ce8f1629091f Mon Sep 17 00:00:00 2001 From: Mike DePaulo Date: Sat, 10 Jan 2015 12:03:47 -0500 Subject: Fix CVE-2014-8091..8103. Patches were ported from Ubuntu 14.04 (xorg-server 1.15.1) --- xorg-server/present/present_request.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'xorg-server/present/present_request.c') diff --git a/xorg-server/present/present_request.c b/xorg-server/present/present_request.c index c69e68309..68076edd7 100644 --- a/xorg-server/present/present_request.c +++ b/xorg-server/present/present_request.c @@ -210,6 +210,7 @@ proc_present_query_capabilities (ClientPtr client) rep.sequenceNumber = client->sequence; rep.length = 0; + REQUEST_SIZE_MATCH(xPresentQueryCapabilitiesReq); r = dixLookupWindow(&window, stuff->target, client, DixGetAttrAccess); switch (r) { case Success: @@ -254,6 +255,7 @@ static int sproc_present_query_version(ClientPtr client) { REQUEST(xPresentQueryVersionReq); + REQUEST_SIZE_MATCH(xPresentQueryVersionReq); swaps(&stuff->length); swapl(&stuff->majorVersion); @@ -265,6 +267,7 @@ static int sproc_present_pixmap(ClientPtr client) { REQUEST(xPresentPixmapReq); + REQUEST_AT_LEAST_SIZE(xPresentPixmapReq); swaps(&stuff->length); swapl(&stuff->window); @@ -284,6 +287,7 @@ static int sproc_present_notify_msc(ClientPtr client) { REQUEST(xPresentNotifyMSCReq); + REQUEST_SIZE_MATCH(xPresentNotifyMSCReq); swaps(&stuff->length); swapl(&stuff->window); @@ -297,6 +301,7 @@ static int sproc_present_select_input (ClientPtr client) { REQUEST(xPresentSelectInputReq); + REQUEST_SIZE_MATCH(xPresentSelectInputReq); swaps(&stuff->length); swapl(&stuff->window); @@ -308,6 +313,7 @@ static int sproc_present_query_capabilities (ClientPtr client) { REQUEST(xPresentQueryCapabilitiesReq); + REQUEST_SIZE_MATCH(xPresentQueryCapabilitiesReq); swaps(&stuff->length); swapl(&stuff->target); return (*proc_present_vector[stuff->presentReqType]) (client); -- cgit v1.2.3