| 1 | From 5fdc679e24abb348014164bf53b82a884a5b380d Mon Sep 17 00:00:00 2001 |
| 2 | From: Alan Coopersmith <alan.coopersmith@oracle.com> |
| 3 | Date: Sun, 26 Jan 2014 17:18:54 -0800 |
| 4 | Subject: [PATCH 09/33] xcmisc: unvalidated length in SProcXCMiscGetXIDList() |
| 5 | [CVE-2014-8096] |
| 6 | |
| 7 | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> |
| 8 | Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net> |
| 9 | --- |
| 10 | Xext/xcmisc.c | 1 + |
| 11 | 1 file changed, 1 insertion(+) |
| 12 | |
| 13 | --- a/Xext/xcmisc.c |
| 14 | +++ b/Xext/xcmisc.c |
| 15 | @@ -167,6 +167,7 @@ static int |
| 16 | SProcXCMiscGetXIDList(ClientPtr client) |
| 17 | { |
| 18 | REQUEST(xXCMiscGetXIDListReq); |
| 19 | + REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq); |
| 20 | |
| 21 | swaps(&stuff->length); |
| 22 | swapl(&stuff->count); |