path: root/README
diff options
authorAlan Coopersmith <>2014-04-25 23:02:00 -0700
committerAlan Coopersmith <>2014-05-12 23:31:28 -0700
commit891e084b26837162b12f841060086a105edde86d (patch)
tree0233b907ad7a1a980294e7c3247e04ba36963945 /README
parent05c8020a49416dd8b7510cbba45ce4f3fc81a7dc (diff)
CVE-2014-0210: unvalidated length in _fs_recv_conn_setup()
The connection setup reply from the font server can include a list of alternate servers to contact if this font server stops working. The reply specifies a total size of all the font server names, and then provides a list of names. _fs_recv_conn_setup() allocated the specified total size for copying the names to, but didn't check to make sure it wasn't copying more data to that buffer than the size it had allocated. Reported-by: Ilja Van Sprundel <> Signed-off-by: Alan Coopersmith <> Reviewed-by: Adam Jackson <> Reviewed-by: Matthieu Herrb <>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions