MFC: xfixes: unvalidated lengths (CVE-2017-12183)

v2: Use before swap (Jeremy Huddleston Sequoia)
v3: Fix wrong XFixesCopyRegion checks (Alan Coopersmith)
matthieu
2017-10-14 09:22:49 +00:00
parent 3b3c79f0b0
commit d62483048a
4 changed files with 8 additions and 2 deletions


@@ -359,6 +359,7 @@ ProcXFixesCopyRegion(ClientPtr client)
RegionPtr pSource, pDestination;
REQUEST(xXFixesCopyRegionReq);
REQUEST_SIZE_MATCH(xXFixesCopyRegionReq);
VERIFY_REGION(pSource, stuff->source, client, DixReadAccess);
VERIFY_REGION(pDestination, stuff->destination, client, DixWriteAccess);
@@ -375,7 +376,7 @@ SProcXFixesCopyRegion(ClientPtr client)
REQUEST(xXFixesCopyRegionReq);
swaps(&stuff->length);
REQUEST_AT_LEAST_SIZE(xXFixesCopyRegionReq);
REQUEST_SIZE_MATCH(xXFixesCopyRegionReq);
swapl(&stuff->source);
swapl(&stuff->destination);
return (*ProcXFixesVector[stuff->xfixesReqType]) (client);
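Review bot: The exact-length check in SProcXFixesCopyRegion and the one in ProcXFixesCopyRegion look redundant, and nothing in the code says they are not, so a later cleanup could drop one and reopen the out-of-bounds access. The swapped handler needs its own check because `swapl(&stuff->source)` and `swapl(&stuff->destination)` rewrite request bytes before the native handler runs. The native handler needs one because unswapped clients reach `VERIFY_REGION` directly. I would add a comment above the check in the swapped path, for example `/* fixed-size request: validate length before swapl() touches the body */`, and a matching one in ProcXFixesCopyRegion. Separately, `stuff->xfixesReqType` indexes `ProcXFixesVector` with no range check in the visible lines; presumably the swapped dispatcher validates it before calling here, but that is worth confirming. Both function bodies start and end outside the hunks shown.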