xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]

v2: backport to nx-libs 3.6.x (Mike DePaulo) Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]
0d53194f · Alan Coopersmith · Mike Gabriel · fde1375e · 0d53194f
Commit 0d53194f authored Jan 26, 2014 by Alan Coopersmith Committed by Mike Gabriel Feb 14, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

xcmisc.c nx-X11/programs/Xserver/Xext/xcmisc.c +1 -0

No files found.
--- a/nx-X11/programs/Xserver/Xext/xcmisc.c
+++ b/nx-X11/programs/Xserver/Xext/xcmisc.c
@@ -228,6 +228,7 @@ SProcXCMiscGetXIDList(client)
 {
    register int n;
    REQUEST(xXCMiscGetXIDListReq);
+    REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq);

    swaps(&stuff->length, n);
    swapl(&stuff->count, n);