mirror of
https://gitlab.freedesktop.org/xorg/lib/libx11.git
synced 2026-04-09 20:20:37 +02:00
54540d7cba
Two users of GetReqExtra pass arbitrarily sized allocations from the caller (ModMap and Host). Adjust _XGetRequest() (called by the GetReqExtra macro) to double-check the requested length and invalidate "req" when this happens. Users of GetReqExtra passing lengths greater than the Xlib buffer size (normally 16K) must check "req" and fail gracefully instead of crashing. Any callers of GetReqExtra that do not check "req" for NULL will experience this change, in the pathological case, as a NULL dereference instead of a buffer overflow. This is an improvement, but the documentation for GetReqExtra has been updated to reflect the need to check the value of "req" after the call. Bug that manifested the problem: https://bugs.launchpad.net/ubuntu/+source/x11-xserver-utils/+bug/792628 Signed-off-by: Kees Cook <kees@outflux.net> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> |
||
|---|---|---|
| .. | ||
| AppA.xml | ||
| AppB.xml | ||
| AppC.xml | ||
| AppD.xml | ||
| CH01.xml | ||
| CH02.xml | ||
| CH03.xml | ||
| CH04.xml | ||
| CH05.xml | ||
| CH06.xml | ||
| CH07.xml | ||
| CH08.xml | ||
| CH09.xml | ||
| CH10.xml | ||
| CH11.xml | ||
| CH12.xml | ||
| CH13.xml | ||
| CH14.xml | ||
| CH15.xml | ||
| CH16.xml | ||
| credits.xml | ||
| glossary.xml | ||
| libX11.xml | ||
| Makefile.am | ||