Commit | Line | Data |
---|---|---|
7217e0ca ML |
1 | From c0308b700e3e0f0b6b1dc350e822b6218d080f1a Mon Sep 17 00:00:00 2001 |
2 | From: Alan Coopersmith <alan.coopersmith@oracle.com> | |
3 | Date: Sun, 26 Jan 2014 20:02:20 -0800 | |
4 | Subject: [PATCH 16/33] xfixes: unvalidated length in | |
5 | SProcXFixesSelectSelectionInput [CVE-2014-8102] | |
6 | ||
7 | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> | |
8 | Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> | |
9 | --- | |
10 | xfixes/select.c | 1 + | |
11 | 1 file changed, 1 insertion(+) | |
12 | ||
13 | diff --git a/xfixes/select.c b/xfixes/select.c | |
14 | index c088ed3..e964d58 100644 | |
15 | --- a/xfixes/select.c | |
16 | +++ b/xfixes/select.c | |
17 | @@ -201,6 +201,7 @@ SProcXFixesSelectSelectionInput(ClientPtr client) | |
18 | { | |
19 | REQUEST(xXFixesSelectSelectionInputReq); | |
20 | ||
21 | + REQUEST_SIZE_MATCH(xXFixesSelectSelectionInputReq); | |
22 | swaps(&stuff->length); | |
23 | swapl(&stuff->window); | |
24 | swapl(&stuff->selection); | |
25 | -- | |
26 | 1.7.9.2 | |
27 |