rpms / xorg-x11-server

Clone
Source Code
GIT

Files

  1.   0fd9596437a827b198e323235f1033bc5150cae6
  2.   SOURCES
  3.   0014-render-check-request-size-before-reading-it-CVE-2014.patch
Blob Blame History Raw 
From 4b0137857115c025232c866d0ecd3a68688ca9e4 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Tue, 28 Oct 2014 10:30:04 +0100
Subject: [PATCH 14/33] render: check request size before reading it
 [CVE-2014-8100 1/2]

Otherwise we may be reading outside of the client request.

Signed-off-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Fedora X Ninjas <x@fedoraproject.org>
---
 render/render.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/render/render.c b/render/render.c
index 51f75ae..ce03b13 100644
--- a/render/render.c
+++ b/render/render.c
@@ -276,11 +276,11 @@ ProcRenderQueryVersion(ClientPtr client)
 
     REQUEST(xRenderQueryVersionReq);
 
+    REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
+
     pRenderClient->major_version = stuff->majorVersion;
     pRenderClient->minor_version = stuff->minorVersion;
 
-    REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
-
     if ((stuff->majorVersion * 1000 + stuff->minorVersion) <
         (SERVER_RENDER_MAJOR_VERSION * 1000 + SERVER_RENDER_MINOR_VERSION)) {
         rep.majorVersion = stuff->majorVersion;
-- 
1.9.3

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation