Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:12.3:Update
xorg-x11-server
U_dix_GetHosts_bounds_check_using_wrong_pointer...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_dix_GetHosts_bounds_check_using_wrong_pointer_value.patch of Package xorg-x11-server
Subject: dix: GetHosts bounds check using wrong pointer value References: bnc#907268, CVE-2014-8092 Patch-Mainline: Upstream Signed-off-by: Michal Srb <msrb@suse.com> GetHosts saves the pointer to allocated memory in *data, and then wants to bounds-check writes to that region, but was mistakenly using a bare 'data' instead of '*data'. Also, data is declared as void **, so we need a cast to turn it into a byte pointer so we can actually do pointer comparisons. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- os/access.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os/access.c b/os/access.c index f393c8d..28f2d32 100644 --- a/os/access.c +++ b/os/access.c @@ -1308,7 +1308,7 @@ GetHosts(void **data, int *pnHosts, int *pLen, BOOL * pEnabled) } for (host = validhosts; host; host = host->next) { len = host->len; - if ((ptr + sizeof(xHostEntry) + len) > (data + n)) + if ((ptr + sizeof(xHostEntry) + len) > ((unsigned char *) *data + n)) break; ((xHostEntry *) ptr)->family = host->family; ((xHostEntry *) ptr)->length = len; -- 1.8.4.5
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor