From c12a473f29cfadb62d38b0fffc36762d8e626676 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sun, 26 Jan 2014 20:02:20 -0800
Subject: [PATCH 29/40] xfixes: unvalidated length in
SProcXFixesSelectSelectionInput [CVE-2014-8102]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
v2: backport to nx-libs 3.6.x (Mike DePaulo)
Conflicts:
xfixes/select.c
---
nx-X11/programs/Xserver/xfixes/select.c | 1 +
1 file changed, 1 insertion(+)
--- a/nx-X11/programs/Xserver/xfixes/select.c
+++ b/nx-X11/programs/Xserver/xfixes/select.c
@@ -216,6 +216,7 @@ SProcXFixesSelectSelectionInput (ClientP
register int n;
REQUEST(xXFixesSelectSelectionInputReq);
+ REQUEST_SIZE_MATCH(xXFixesSelectSelectionInputReq);
swaps(&stuff->length, n);
swapl(&stuff->window, n);
swapl(&stuff->selection, n);-
Mihai Moldovan authored
Removes some fuzziness and adds the -p diff option to show the C function name in hunk headers.
6ae091cc