Skip to content

N
nx-libs
Commit e469cff0 authored by Julien Cristau's avatar Julien Cristau Committed by Mike DePaulo
Browse files
Options

render: check request size before reading it [CVE-2014-8100 1/2]

Otherwise we may be reading outside of the client request. v2: backport to nx-libs 3.6.x (Mike DePaulo) v3: port to NXrender.c rather than render.c (Mike DePaulo) Signed-off-by: 's avatarJulien Cristau <jcristau@debian.org> Reviewed-by: 's avatarAlan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: 's avatarAlan Coopersmith <alan.coopersmith@oracle.com> Conflicts: render/render.c
parent f7295831
Show whitespace changes
Inline Side-by-side
Showing with 2 additions and 1 deletion
nx-X11/programs/Xserver/hw/nxagent/NXrender.c
View file @ e469cff0
......@@ -387,10 +387,11 @@ ProcRenderQueryVersion (ClientPtr client)
register int n;
REQUEST(xRenderQueryVersionReq);
REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
pRenderClient->major_version = stuff->majorVersion;
pRenderClient->minor_version = stuff->minorVersion;
REQUEST_SIZE_MATCH(xRenderQueryVersionReq);
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment