sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-14 15:59:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
ports/x11-servers/xorg-server/files/patch-CVE-2017-12176
Koop Mast 05d144d761 Fix security issues: CVE-2017-12176 through CVE-2017-12187 in xorg-server. 
Bump all the slaves due to not being sure where the shared code is used.

MFH:		2017Q4
Security:	7274e0cc-575f-41bc-8619-14a41b3c2ad0
2017-10-13 19:14:53 +00:00

31 lines
1.2 KiB
Text
Raw Blame History

From 95f605b42d8bbb6bea2834a1abfc205981c5b803 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Fri, 9 Jan 2015 10:15:46 -0500
Subject: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
(cherry picked from commit b747da5e25be944337a9cd1415506fc06b70aa81)
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 0da431b..0fdfe11 100644
--- dix/dispatch.c
+++ dix/dispatch.c
@@ -3703,7 +3703,12 @@ ProcEstablishConnection(ClientPtr client)
prefix = (xConnClientPrefix *) ((char *) stuff + sz_xReq);
auth_proto = (char *) prefix + sz_xConnClientPrefix;
auth_string = auth_proto + pad_to_int32(prefix->nbytesAuthProto);
- if ((prefix->majorVersion != X_PROTOCOL) ||
+
+ if ((client->req_len << 2) != sz_xReq + sz_xConnClientPrefix +
+ pad_to_int32(prefix->nbytesAuthProto) +
+ pad_to_int32(prefix->nbytesAuthString))
+ reason = "Bad length";
+ else if ((prefix->majorVersion != X_PROTOCOL) ||
(prefix->minorVersion != X_PROTOCOL_REVISION))
reason = "Protocol version mismatch";
else
--
cgit v0.10.2
Reference in a new issue View git blame Copy permalink