Skip to content

N
nx-libs
Commit 7017c22c authored by Nathan Kidd's avatar Nathan Kidd Committed by Mihai Moldovan
Browse files
Options

Xserver/Xext/saver.c Unvalidated lengths (X.org CVE-2017-12185).

commit cad5a1050b7184d828aef9c1dd151c3ab649d37e Author: Nathan Kidd <nkidd@opentext.com> Date: Fri Jan 9 09:57:23 2015 -0500 Unvalidated lengths v2: Add overflow check and remove unnecessary check (Julien Cristau) This addresses: CVE-2017-12184 in XINERAMA CVE-2017-12185 in MIT-SCREEN-SAVER CVE-2017-12186 in X-Resource CVE-2017-12187 in RENDER Reviewed-by: 's avatarJeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: 's avatarJulien Cristau <jcristau@debian.org> Signed-off-by: 's avatarNathan Kidd <nkidd@opentext.com> Signed-off-by: 's avatarJulien Cristau <jcristau@debian.org> Backported-to-NX-by: 's avatarMike Gabriel <mike.gabriel@das-netzwerkteam.de>
parent f3231601
Hide whitespace changes
Inline Side-by-side
Showing with 2 additions and 0 deletions
nx-X11/programs/Xserver/Xext/saver.c
View file @ 7017c22c
...@@ -1342,6 +1342,8 @@ ProcScreenSaverUnsetAttributes (ClientPtr client) ...@@ -1342,6 +1342,8 @@ ProcScreenSaverUnsetAttributes (ClientPtr client)
PanoramiXRes *draw; PanoramiXRes *draw;
int i; int i;
REQUEST_SIZE_MATCH(xScreenSaverUnsetAttributesReq);
if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass( if(!(draw = (PanoramiXRes *)SecurityLookupIDByClass(
client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess))) client, stuff->drawable, XRC_DRAWABLE, DixWriteAccess)))
return BadDrawable; return BadDrawable;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment