[deb_xorg-server.git] / debian / patches / CVE-2014-8xxx / 0016-xfixes-unvalidated-length-in-SProcXFixesSelectSelect.patch

From c0308b700e3e0f0b6b1dc350e822b6218d080f1a Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sun, 26 Jan 2014 20:02:20 -0800
Subject: [PATCH 16/33] xfixes: unvalidated length in
 SProcXFixesSelectSelectionInput [CVE-2014-8102]

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 xfixes/select.c |    1 +
 1 file changed, 1 insertion(+)

--- a/xfixes/select.c
+++ b/xfixes/select.c
@@ -201,6 +201,7 @@ SProcXFixesSelectSelectionInput(ClientPt
 {
     REQUEST(xXFixesSelectSelectionInputReq);
 
+    REQUEST_SIZE_MATCH(xXFixesSelectSelectionInputReq);
     swaps(&stuff->length);
     swapl(&stuff->window);
     swapl(&stuff->selection);
Commit	Line	Data
7217e0ca ML	1	From c0308b700e3e0f0b6b1dc350e822b6218d080f1a Mon Sep 17 00:00:00 2001
	2	From: Alan Coopersmith <alan.coopersmith@oracle.com>
	3	Date: Sun, 26 Jan 2014 20:02:20 -0800
	4	Subject: [PATCH 16/33] xfixes: unvalidated length in
	5	SProcXFixesSelectSelectionInput [CVE-2014-8102]
	6
	7	Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
	8	Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
	9	---
	10	xfixes/select.c \| 1 +
	11	1 file changed, 1 insertion(+)
	12
7217e0ca ML	13	--- a/xfixes/select.c
7217e0ca ML	14	+++ b/xfixes/select.c
4db25562	15	@@ -201,6 +201,7 @@ SProcXFixesSelectSelectionInput(ClientPt
7217e0ca ML	16	{
	17	REQUEST(xXFixesSelectSelectionInputReq);
	18
	19	+ REQUEST_SIZE_MATCH(xXFixesSelectSelectionInputReq);
	20	swaps(&stuff->length);
	21	swapl(&stuff->window);
	22	swapl(&stuff->selection);