debian/patches/CVE-2014-8xxx/0009-xcmisc-unvalidated-length-in-SProcXCMiscGetXIDList-C.patch

   1 From 5fdc679e24abb348014164bf53b82a884a5b380d Mon Sep 17 00:00:00 2001
   2 From: Alan Coopersmith <alan.coopersmith@oracle.com>
   3 Date: Sun, 26 Jan 2014 17:18:54 -0800
   4 Subject: [PATCH 09/33] xcmisc: unvalidated length in SProcXCMiscGetXIDList()
   5  [CVE-2014-8096]
   6
   7 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
   8 Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
   9 ---
  10  Xext/xcmisc.c |    1 +
  11  1 file changed, 1 insertion(+)
  12
  13 --- a/Xext/xcmisc.c
  14 +++ b/Xext/xcmisc.c
  15 @@ -167,6 +167,7 @@ static int
  16  SProcXCMiscGetXIDList(ClientPtr client)
  17  {
  18      REQUEST(xXCMiscGetXIDListReq);
  19 +    REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq);
  20
  21      swaps(&stuff->length);
  22      swapl(&stuff->count);