Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
N
nx-libs
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
1
Issues
1
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
dimbor
nx-libs
Commits
30463b08
Commit
30463b08
authored
Oct 10, 2011
by
Reinhard Tartler
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Imported nx-X11-3.2.0-2.tar.gz
Summary: Imported nx-X11-3.2.0-2.tar.gz Keywords: Imported nx-X11-3.2.0-2.tar.gz into Git repository
parent
713da226
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
89 additions
and
20 deletions
+89
-20
CHANGELOG
nx-X11/CHANGELOG
+7
-0
CHANGELOG.NX.original
nx-X11/CHANGELOG.NX.original
+11
-0
security.c
nx-X11/programs/Xserver/Xext/security.c
+7
-3
security.c.NX.original
nx-X11/programs/Xserver/Xext/security.c.NX.original
+7
-3
security.c.X.original
nx-X11/programs/Xserver/Xext/security.c.X.original
+7
-3
shm.c
nx-X11/programs/Xserver/Xext/shm.c
+11
-2
record.c
nx-X11/programs/Xserver/record/record.c
+13
-3
glyph.c
nx-X11/programs/Xserver/render/glyph.c
+12
-2
render.c
nx-X11/programs/Xserver/render/render.c
+14
-4
No files found.
nx-X11/CHANGELOG
View file @
30463b08
ChangeLog:
ChangeLog:
nx-X11-3.2.0-2
- Imported patch fixing issues from X.Org security advisory, June
11th, 2008: Multiple vulnerabilities in X server extensions. CVE
IDs: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361,
CVE-2008-2362.
nx-X11-3.2.0-1
nx-X11-3.2.0-1
- Opened the 3.2.0 branch based on nx-X11-3.1.0-6.
- Opened the 3.2.0 branch based on nx-X11-3.1.0-6.
...
...
nx-X11/CHANGELOG.NX.original
View file @
30463b08
ChangeLog:
ChangeLog:
nx-X11-3.2.0-2
- Imported patch fixing issues from X.Org security advisory, June
11th, 2008: Multiple vulnerabilities in X server extensions. CVE
IDs: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361,
CVE-2008-2362.
nx-X11-3.2.0-1
- Opened the 3.2.0 branch based on nx-X11-3.1.0-6.
nx-X11-3.1.0-6
nx-X11-3.1.0-6
- Modified Xserver Imakefile to link the Xfixes library.
- Modified Xserver Imakefile to link the Xfixes library.
...
...
nx-X11/programs/Xserver/Xext/security.c
View file @
30463b08
...
@@ -813,15 +813,19 @@ SProcSecurityGenerateAuthorization(
...
@@ -813,15 +813,19 @@ SProcSecurityGenerateAuthorization(
register
char
n
;
register
char
n
;
CARD32
*
values
;
CARD32
*
values
;
unsigned
long
nvalues
;
unsigned
long
nvalues
;
int
values_offset
;
swaps
(
&
stuff
->
length
,
n
);
swaps
(
&
stuff
->
length
,
n
);
REQUEST_AT_LEAST_SIZE
(
xSecurityGenerateAuthorizationReq
);
REQUEST_AT_LEAST_SIZE
(
xSecurityGenerateAuthorizationReq
);
swaps
(
&
stuff
->
nbytesAuthProto
,
n
);
swaps
(
&
stuff
->
nbytesAuthProto
,
n
);
swaps
(
&
stuff
->
nbytesAuthData
,
n
);
swaps
(
&
stuff
->
nbytesAuthData
,
n
);
swapl
(
&
stuff
->
valueMask
,
n
);
swapl
(
&
stuff
->
valueMask
,
n
);
values
=
(
CARD32
*
)(
&
stuff
[
1
])
+
values_offset
=
((
stuff
->
nbytesAuthProto
+
(
unsigned
)
3
)
>>
2
)
+
((
stuff
->
nbytesAuthProto
+
(
unsigned
)
3
)
>>
2
)
+
((
stuff
->
nbytesAuthData
+
(
unsigned
)
3
)
>>
2
);
((
stuff
->
nbytesAuthData
+
(
unsigned
)
3
)
>>
2
);
if
(
values_offset
>
stuff
->
length
-
(
sz_xSecurityGenerateAuthorizationReq
>>
2
))
return
BadLength
;
values
=
(
CARD32
*
)(
&
stuff
[
1
])
+
values_offset
;
nvalues
=
(((
CARD32
*
)
stuff
)
+
stuff
->
length
)
-
values
;
nvalues
=
(((
CARD32
*
)
stuff
)
+
stuff
->
length
)
-
values
;
SwapLongs
(
values
,
nvalues
);
SwapLongs
(
values
,
nvalues
);
return
ProcSecurityGenerateAuthorization
(
client
);
return
ProcSecurityGenerateAuthorization
(
client
);
...
...
nx-X11/programs/Xserver/Xext/security.c.NX.original
View file @
30463b08
...
@@ -813,15 +813,19 @@ SProcSecurityGenerateAuthorization(
...
@@ -813,15 +813,19 @@ SProcSecurityGenerateAuthorization(
register char n;
register char n;
CARD32 *values;
CARD32 *values;
unsigned long nvalues;
unsigned long nvalues;
int values_offset;
swaps(&stuff->length, n);
swaps(&stuff->length, n);
REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq);
REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq);
swaps(&stuff->nbytesAuthProto, n);
swaps(&stuff->nbytesAuthProto, n);
swaps(&stuff->nbytesAuthData, n);
swaps(&stuff->nbytesAuthData, n);
swapl(&stuff->valueMask, n);
swapl(&stuff->valueMask, n);
values = (CARD32 *)(&stuff[1]) +
values_offset = ((stuff->nbytesAuthProto + (unsigned)3) >> 2) +
((stuff->nbytesAuthProto + (unsigned)3) >> 2) +
((stuff->nbytesAuthData + (unsigned)3) >> 2);
((stuff->nbytesAuthData + (unsigned)3) >> 2);
if (values_offset >
stuff->length - (sz_xSecurityGenerateAuthorizationReq >> 2))
return BadLength;
values = (CARD32 *)(&stuff[1]) + values_offset;
nvalues = (((CARD32 *)stuff) + stuff->length) - values;
nvalues = (((CARD32 *)stuff) + stuff->length) - values;
SwapLongs(values, nvalues);
SwapLongs(values, nvalues);
return ProcSecurityGenerateAuthorization(client);
return ProcSecurityGenerateAuthorization(client);
...
...
nx-X11/programs/Xserver/Xext/security.c.X.original
View file @
30463b08
...
@@ -652,15 +652,19 @@ SProcSecurityGenerateAuthorization(
...
@@ -652,15 +652,19 @@ SProcSecurityGenerateAuthorization(
register char n;
register char n;
CARD32 *values;
CARD32 *values;
unsigned long nvalues;
unsigned long nvalues;
int values_offset;
swaps(&stuff->length, n);
swaps(&stuff->length, n);
REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq);
REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq);
swaps(&stuff->nbytesAuthProto, n);
swaps(&stuff->nbytesAuthProto, n);
swaps(&stuff->nbytesAuthData, n);
swaps(&stuff->nbytesAuthData, n);
swapl(&stuff->valueMask, n);
swapl(&stuff->valueMask, n);
values = (CARD32 *)(&stuff[1]) +
values_offset = ((stuff->nbytesAuthProto + (unsigned)3) >> 2) +
((stuff->nbytesAuthProto + (unsigned)3) >> 2) +
((stuff->nbytesAuthData + (unsigned)3) >> 2);
((stuff->nbytesAuthData + (unsigned)3) >> 2);
if (values_offset >
stuff->length - (sz_xSecurityGenerateAuthorizationReq >> 2))
return BadLength;
values = (CARD32 *)(&stuff[1]) + values_offset;
nvalues = (((CARD32 *)stuff) + stuff->length) - values;
nvalues = (((CARD32 *)stuff) + stuff->length) - values;
SwapLongs(values, nvalues);
SwapLongs(values, nvalues);
return ProcSecurityGenerateAuthorization(client);
return ProcSecurityGenerateAuthorization(client);
...
...
nx-X11/programs/Xserver/Xext/shm.c
View file @
30463b08
...
@@ -863,8 +863,17 @@ ProcShmPutImage(client)
...
@@ -863,8 +863,17 @@ ProcShmPutImage(client)
return
BadValue
;
return
BadValue
;
}
}
VERIFY_SHMSIZE
(
shmdesc
,
stuff
->
offset
,
length
*
stuff
->
totalHeight
,
/*
client
);
* There's a potential integer overflow in this check:
* VERIFY_SHMSIZE(shmdesc, stuff->offset, length * stuff->totalHeight,
* client);
* the version below ought to avoid it
*/
if
(
stuff
->
totalHeight
!=
0
&&
length
>
(
shmdesc
->
size
-
stuff
->
offset
)
/
stuff
->
totalHeight
)
{
client
->
errorValue
=
stuff
->
totalWidth
;
return
BadValue
;
}
if
(
stuff
->
srcX
>
stuff
->
totalWidth
)
if
(
stuff
->
srcX
>
stuff
->
totalWidth
)
{
{
client
->
errorValue
=
stuff
->
srcX
;
client
->
errorValue
=
stuff
->
srcX
;
...
...
nx-X11/programs/Xserver/record/record.c
View file @
30463b08
...
@@ -2720,7 +2720,7 @@ SProcRecordQueryVersion(client)
...
@@ -2720,7 +2720,7 @@ SProcRecordQueryVersion(client)
}
/* SProcRecordQueryVersion */
}
/* SProcRecordQueryVersion */
static
void
static
int
SwapCreateRegister
(
xRecordRegisterClientsReq
*
stuff
)
SwapCreateRegister
(
xRecordRegisterClientsReq
*
stuff
)
{
{
register
char
n
;
register
char
n
;
...
@@ -2731,11 +2731,17 @@ SwapCreateRegister(xRecordRegisterClientsReq *stuff)
...
@@ -2731,11 +2731,17 @@ SwapCreateRegister(xRecordRegisterClientsReq *stuff)
swapl
(
&
stuff
->
nClients
,
n
);
swapl
(
&
stuff
->
nClients
,
n
);
swapl
(
&
stuff
->
nRanges
,
n
);
swapl
(
&
stuff
->
nRanges
,
n
);
pClientID
=
(
XID
*
)
&
stuff
[
1
];
pClientID
=
(
XID
*
)
&
stuff
[
1
];
if
(
stuff
->
nClients
>
stuff
->
length
-
(
sz_xRecordRegisterClientsReq
>>
2
))
return
BadLength
;
for
(
i
=
0
;
i
<
stuff
->
nClients
;
i
++
,
pClientID
++
)
for
(
i
=
0
;
i
<
stuff
->
nClients
;
i
++
,
pClientID
++
)
{
{
swapl
(
pClientID
,
n
);
swapl
(
pClientID
,
n
);
}
}
if
(
stuff
->
nRanges
>
stuff
->
length
-
(
sz_xRecordRegisterClientsReq
>>
2
)
-
stuff
->
nClients
)
return
BadLength
;
RecordSwapRanges
((
xRecordRange
*
)
pClientID
,
stuff
->
nRanges
);
RecordSwapRanges
((
xRecordRange
*
)
pClientID
,
stuff
->
nRanges
);
return
Success
;
}
/* SwapCreateRegister */
}
/* SwapCreateRegister */
...
@@ -2744,11 +2750,13 @@ SProcRecordCreateContext(client)
...
@@ -2744,11 +2750,13 @@ SProcRecordCreateContext(client)
ClientPtr
client
;
ClientPtr
client
;
{
{
REQUEST
(
xRecordCreateContextReq
);
REQUEST
(
xRecordCreateContextReq
);
int
status
;
register
char
n
;
register
char
n
;
swaps
(
&
stuff
->
length
,
n
);
swaps
(
&
stuff
->
length
,
n
);
REQUEST_AT_LEAST_SIZE
(
xRecordCreateContextReq
);
REQUEST_AT_LEAST_SIZE
(
xRecordCreateContextReq
);
SwapCreateRegister
((
pointer
)
stuff
);
if
((
status
=
SwapCreateRegister
((
pointer
)
stuff
))
!=
Success
)
return
status
;
return
ProcRecordCreateContext
(
client
);
return
ProcRecordCreateContext
(
client
);
}
/* SProcRecordCreateContext */
}
/* SProcRecordCreateContext */
...
@@ -2758,11 +2766,13 @@ SProcRecordRegisterClients(client)
...
@@ -2758,11 +2766,13 @@ SProcRecordRegisterClients(client)
ClientPtr
client
;
ClientPtr
client
;
{
{
REQUEST
(
xRecordRegisterClientsReq
);
REQUEST
(
xRecordRegisterClientsReq
);
int
status
;
register
char
n
;
register
char
n
;
swaps
(
&
stuff
->
length
,
n
);
swaps
(
&
stuff
->
length
,
n
);
REQUEST_AT_LEAST_SIZE
(
xRecordRegisterClientsReq
);
REQUEST_AT_LEAST_SIZE
(
xRecordRegisterClientsReq
);
SwapCreateRegister
((
pointer
)
stuff
);
if
((
status
=
SwapCreateRegister
((
pointer
)
stuff
))
!=
Success
)
return
status
;
return
ProcRecordRegisterClients
(
client
);
return
ProcRecordRegisterClients
(
client
);
}
/* SProcRecordRegisterClients */
}
/* SProcRecordRegisterClients */
...
...
nx-X11/programs/Xserver/render/glyph.c
View file @
30463b08
...
@@ -43,6 +43,12 @@
...
@@ -43,6 +43,12 @@
#include "picturestr.h"
#include "picturestr.h"
#include "glyphstr.h"
#include "glyphstr.h"
#if HAVE_STDINT_H
#include <stdint.h>
#elif !defined(UINT32_MAX)
#define UINT32_MAX 0xffffffffU
#endif
/*
/*
* From Knuth -- a good choice for hash/rehash values is p, p-2 where
* From Knuth -- a good choice for hash/rehash values is p, p-2 where
* p and p-2 are both prime. These tables are sized to have an extra 10%
* p and p-2 are both prime. These tables are sized to have an extra 10%
...
@@ -334,8 +340,12 @@ AllocateGlyph (xGlyphInfo *gi, int fdepth)
...
@@ -334,8 +340,12 @@ AllocateGlyph (xGlyphInfo *gi, int fdepth)
{
{
int
size
;
int
size
;
GlyphPtr
glyph
;
GlyphPtr
glyph
;
size_t
padded_width
;
size
=
gi
->
height
*
PixmapBytePad
(
gi
->
width
,
glyphDepths
[
fdepth
]);
padded_width
=
PixmapBytePad
(
gi
->
width
,
glyphDepths
[
fdepth
]);
if
(
gi
->
height
&&
padded_width
>
(
UINT32_MAX
-
sizeof
(
GlyphRec
))
/
gi
->
height
)
return
0
;
size
=
gi
->
height
*
padded_width
;
glyph
=
(
GlyphPtr
)
xalloc
(
size
+
sizeof
(
GlyphRec
));
glyph
=
(
GlyphPtr
)
xalloc
(
size
+
sizeof
(
GlyphRec
));
if
(
!
glyph
)
if
(
!
glyph
)
return
0
;
return
0
;
...
...
nx-X11/programs/Xserver/render/render.c
View file @
30463b08
...
@@ -1505,6 +1505,8 @@ ProcRenderCreateCursor (ClientPtr client)
...
@@ -1505,6 +1505,8 @@ ProcRenderCreateCursor (ClientPtr client)
pScreen
=
pSrc
->
pDrawable
->
pScreen
;
pScreen
=
pSrc
->
pDrawable
->
pScreen
;
width
=
pSrc
->
pDrawable
->
width
;
width
=
pSrc
->
pDrawable
->
width
;
height
=
pSrc
->
pDrawable
->
height
;
height
=
pSrc
->
pDrawable
->
height
;
if
(
height
&&
width
>
UINT32_MAX
/
(
height
*
sizeof
(
CARD32
)))
return
BadAlloc
;
if
(
stuff
->
x
>
width
if
(
stuff
->
x
>
width
||
stuff
->
y
>
height
)
||
stuff
->
y
>
height
)
return
(
BadMatch
);
return
(
BadMatch
);
...
@@ -1918,6 +1920,8 @@ static int ProcRenderCreateLinearGradient (ClientPtr client)
...
@@ -1918,6 +1920,8 @@ static int ProcRenderCreateLinearGradient (ClientPtr client)
LEGAL_NEW_RESOURCE
(
stuff
->
pid
,
client
);
LEGAL_NEW_RESOURCE
(
stuff
->
pid
,
client
);
len
=
(
client
->
req_len
<<
2
)
-
sizeof
(
xRenderCreateLinearGradientReq
);
len
=
(
client
->
req_len
<<
2
)
-
sizeof
(
xRenderCreateLinearGradientReq
);
if
(
stuff
->
nStops
>
UINT32_MAX
/
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
return
BadLength
;
if
(
len
!=
stuff
->
nStops
*
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
if
(
len
!=
stuff
->
nStops
*
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
return
BadLength
;
return
BadLength
;
...
@@ -2489,18 +2493,18 @@ SProcRenderCreateSolidFill(ClientPtr client)
...
@@ -2489,18 +2493,18 @@ SProcRenderCreateSolidFill(ClientPtr client)
return
(
*
ProcRenderVector
[
stuff
->
renderReqType
])
(
client
);
return
(
*
ProcRenderVector
[
stuff
->
renderReqType
])
(
client
);
}
}
static
void
swapStops
(
void
*
stuff
,
int
n
)
static
void
swapStops
(
void
*
stuff
,
int
n
um
)
{
{
int
i
;
int
i
,
n
;
CARD32
*
stops
;
CARD32
*
stops
;
CARD16
*
colors
;
CARD16
*
colors
;
stops
=
(
CARD32
*
)(
stuff
);
stops
=
(
CARD32
*
)(
stuff
);
for
(
i
=
0
;
i
<
n
;
++
i
)
{
for
(
i
=
0
;
i
<
n
um
;
++
i
)
{
swapl
(
stops
,
n
);
swapl
(
stops
,
n
);
++
stops
;
++
stops
;
}
}
colors
=
(
CARD16
*
)(
stops
);
colors
=
(
CARD16
*
)(
stops
);
for
(
i
=
0
;
i
<
4
*
n
;
++
i
)
{
for
(
i
=
0
;
i
<
4
*
n
um
;
++
i
)
{
swaps
(
stops
,
n
);
swaps
(
stops
,
n
);
++
stops
;
++
stops
;
}
}
...
@@ -2523,6 +2527,8 @@ SProcRenderCreateLinearGradient (ClientPtr client)
...
@@ -2523,6 +2527,8 @@ SProcRenderCreateLinearGradient (ClientPtr client)
swapl
(
&
stuff
->
nStops
,
n
);
swapl
(
&
stuff
->
nStops
,
n
);
len
=
(
client
->
req_len
<<
2
)
-
sizeof
(
xRenderCreateLinearGradientReq
);
len
=
(
client
->
req_len
<<
2
)
-
sizeof
(
xRenderCreateLinearGradientReq
);
if
(
stuff
->
nStops
>
UINT32_MAX
/
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
return
BadLength
;
if
(
len
!=
stuff
->
nStops
*
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
if
(
len
!=
stuff
->
nStops
*
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
return
BadLength
;
return
BadLength
;
...
@@ -2550,6 +2556,8 @@ SProcRenderCreateRadialGradient (ClientPtr client)
...
@@ -2550,6 +2556,8 @@ SProcRenderCreateRadialGradient (ClientPtr client)
swapl
(
&
stuff
->
nStops
,
n
);
swapl
(
&
stuff
->
nStops
,
n
);
len
=
(
client
->
req_len
<<
2
)
-
sizeof
(
xRenderCreateRadialGradientReq
);
len
=
(
client
->
req_len
<<
2
)
-
sizeof
(
xRenderCreateRadialGradientReq
);
if
(
stuff
->
nStops
>
UINT32_MAX
/
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
return
BadLength
;
if
(
len
!=
stuff
->
nStops
*
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
if
(
len
!=
stuff
->
nStops
*
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
return
BadLength
;
return
BadLength
;
...
@@ -2574,6 +2582,8 @@ SProcRenderCreateConicalGradient (ClientPtr client)
...
@@ -2574,6 +2582,8 @@ SProcRenderCreateConicalGradient (ClientPtr client)
swapl
(
&
stuff
->
nStops
,
n
);
swapl
(
&
stuff
->
nStops
,
n
);
len
=
(
client
->
req_len
<<
2
)
-
sizeof
(
xRenderCreateConicalGradientReq
);
len
=
(
client
->
req_len
<<
2
)
-
sizeof
(
xRenderCreateConicalGradientReq
);
if
(
stuff
->
nStops
>
UINT32_MAX
/
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
return
BadLength
;
if
(
len
!=
stuff
->
nStops
*
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
if
(
len
!=
stuff
->
nStops
*
(
sizeof
(
xFixed
)
+
sizeof
(
xRenderColor
)))
return
BadLength
;
return
BadLength
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
