File U_0006-dbe-Unvalidated-variable-length-request-in-ProcDbeGe.patch of Package xorg-x11-server.33719
From 4ca68b878e851e2136c234f40a25008297d8d831 Mon Sep 17 00:00:00 2001 From: Nathan Kidd <nkidd@opentext.com> Date: Fri, 9 Jan 2015 10:09:14 -0500 Subject: [PATCH 6/7] dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (CVE-2017-12177) v2: Protect against integer overflow (Alan Coopersmith) Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Nathan Kidd <nkidd@opentext.com> Signed-off-by: Julien Cristau <jcristau@debian.org> --- dbe/dbe.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dbe/dbe.c b/dbe/dbe.c index 9a0c7a701..292a22366 100644 --- a/dbe/dbe.c +++ b/dbe/dbe.c @@ -574,6 +574,9 @@ ProcDbeGetVisualInfo(ClientPtr client) XdbeScreenVisualInfo *pScrVisInfo; REQUEST_AT_LEAST_SIZE(xDbeGetVisualInfoReq); + if (stuff->n > UINT32_MAX / sizeof(CARD32)) + return BadLength; + REQUEST_FIXED_SIZE(xDbeGetVisualInfoReq, stuff->n * sizeof(CARD32)); if (stuff->n > UINT32_MAX / sizeof(DrawablePtr)) return BadAlloc; @@ -924,7 +927,7 @@ SProcDbeSwapBuffers(ClientPtr client) swapl(&stuff->n); if (stuff->n > UINT32_MAX / sizeof(DbeSwapInfoRec)) - return BadAlloc; + return BadLength; REQUEST_FIXED_SIZE(xDbeSwapBuffersReq, stuff->n * sizeof(xDbeSwapInfo)); if (stuff->n != 0) { -- 2.13.6
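Review bot: In the first hunk (ProcDbeGetVisualInfo), the added `if (stuff->n > UINT32_MAX / sizeof(CARD32))` guard has no comment, and it sits directly above the existing `stuff->n > UINT32_MAX / sizeof(DrawablePtr)` check, so the same field is now bounded twice with two element sizes and two error codes (BadLength, then BadAlloc). A one-line comment above the new check saying that it keeps `stuff->n * sizeof(CARD32)` from wrapping before it is passed to REQUEST_FIXED_SIZE would make the ordering clear, and a matching comment on the DrawablePtr check should say which later computation it protects, since that use is not visible in this hunk. The ordering itself is right: the bound is tested before the multiplication, and the length validation comes before anything reads the variable-length part of the request.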
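Review bot: In the second hunk (SProcDbeSwapBuffers), the guard divides by `sizeof(DbeSwapInfoRec)` while the multiplication it is meant to protect, `stuff->n * sizeof(xDbeSwapInfo)`, uses a different type. The check only prevents wrap-around in the REQUEST_FIXED_SIZE argument if sizeof(DbeSwapInfoRec) is at least sizeof(xDbeSwapInfo); either bound against the type that is actually multiplied or add a comment stating why the larger of the two was chosen. Also, the subject line names only ProcDbeGetVisualInfo, so the BadAlloc to BadLength change here deserves a sentence in the commit message explaining that a too-large count in the swapped path is now reported as a length error, consistent with the check added in the first hunk.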