File U_dix_integer_overflow_in_REQUEST_FIXED_SIZE.patch of Package xorg-x11-server
Subject: dix: integer overflow in REQUEST_FIXED_SIZE() References: bnc#907268, CVE-2014-8092 Patch-Mainline: Upstream Signed-off-by: Michal Srb <msrb@suse.com> Force use of 64-bit integers when evaluating data provided by clients in 32-bit fields which can overflow when added or multiplied during checks. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> --- include/dix.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/dix.h b/include/dix.h index 991a3ce..e0c6ed8 100644 --- a/include/dix.h +++ b/include/dix.h @@ -76,7 +76,8 @@ SOFTWARE. #define REQUEST_FIXED_SIZE(req, n)\ if (((sizeof(req) >> 2) > client->req_len) || \ - (((sizeof(req) + (n) + 3) >> 2) != client->req_len)) \ + ((n >> 2) >= client->req_len) || \ + ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len)) \ return(BadLength) #define LEGAL_NEW_RESOURCE(id,client)\ -- 1.7.9.2
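Review bot: the first added check, `((n >> 2) >= client->req_len)`, uses `n` without parentheses while the line after it uses `(n)`. An argument built from an operator that binds looser than `>>` (a conditional or bitwise expression, for example) would be parsed differently in the two places, so write `(((n) >> 2) >= client->req_len)`. The macro now also expands `n` twice, so the argument must be free of side effects; a comment above the `#define` should say so. The `(uint64_t)` cast only widens the addition done inside the macro: a call site that passes a product of 32-bit client fields as `n` still computes that product in 32 bits before the cast applies and can wrap there, so such call sites need their own widening or bounds check.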