Overview

File U_xfixes_unvalidated_length_in_SProcXFixesSelectSelectionInput.patch of Package tigervnc.1021

Subject: xfixes: unvalidated length in SProcXFixesSelectSelectionInput
References: bnc#907268, CVE-2014-8102
Patch-Mainline: Upstream
Signed-off-by: Michal Srb <msrb@suse.com>

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 xfixes/select.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/xfixes/select.c b/xfixes/select.c
index c088ed3..e964d58 100644
--- a/xfixes/select.c
+++ b/xfixes/select.c
@@ -201,6 +201,7 @@ SProcXFixesSelectSelectionInput(ClientPtr client)
 {
     REQUEST(xXFixesSelectSelectionInputReq);
 
+    REQUEST_SIZE_MATCH(xXFixesSelectSelectionInputReq);
     swaps(&stuff->length);
     swapl(&stuff->window);
     swapl(&stuff->selection);
-- 
1.7.9.2
openSUSE Build Service is sponsored by
Places