author Alan Coopersmith <alan.coopersmith@oracle.com> 2013-03-02 12:01:39 -0800
committer Alan Coopersmith <alan.coopersmith@oracle.com> 2013-05-09 18:59:52 -0700
commit 236b603d235dc264d1c6250dca09c745458a9088 (patch)
tree a80d778be29d154b3da18286c877a790a4506f82 /configure.ac
parent 076428918e6c35f66b9b55c3fa097ff06496d155 (diff)
Unbounded recursion in GetDatabase() when parsing include files [CVE-2013-2004 1/2]
GetIncludeFile() can call GetDatabase() which can call GetIncludeFile() which can call GetDatabase() which can call GetIncludeFile() .... eventually causing recursive stack overflow and crash. Easily reproduced with a resource file that #includes itself.

Limit is set to an include depth of 100 files, which should be enough for all known use cases, but could be adjusted later if necessary.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Diffstat (limited to 'configure.ac')
0 files changed, 0 insertions, 0 deletions