repositories / deb_xorg-server.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Imported Debian patch 2:1.15.1-0ubuntu2.6
[deb_xorg-server.git] / debian / patches / CVE-2014-8xxx / 0036-CVE-2014-8092-additional.patch
diff --git a/debian/patches/CVE-2014-8xxx/0036-CVE-2014-8092-additional.patch b/debian/patches/CVE-2014-8xxx/0036-CVE-2014-8092-additional.patch
new file mode 100644 (file)
index 0000000..69f1ea9
--- /dev/null
+++ b/debian/patches/CVE-2014-8xxx/0036-CVE-2014-8092-additional.patch
@@ -0,0 +1,28 @@
+From 9802a0162f738de03585ca3f3b8a8266494f7d45 Mon Sep 17 00:00:00 2001
+From: Keith Packard <keithp@keithp.com>
+Date: Tue, 9 Dec 2014 09:30:59 -0800
+Subject: Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
+
+The 'n' parameter must be surrounded by parens in both places to
+prevent precedence from mis-computing things.
+
+Signed-off-by: Keith Packard <keithp@keithp.com>
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+
+diff --git a/include/dix.h b/include/dix.h
+index 21176a8..921156b 100644
+--- a/include/dix.h
++++ b/include/dix.h
+@@ -80,7 +80,7 @@ SOFTWARE.
+ #define REQUEST_FIXED_SIZE(req, n)\
+     if (((sizeof(req) >> 2) > client->req_len) || \
+-        ((n >> 2) >= client->req_len) || \
++        (((n) >> 2) >= client->req_len) ||                              \
+         ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len))  \
+          return(BadLength)
+-- 
+cgit v0.10.2
+
xorg-server Piment Noir Debian package repository