author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-04-25 23:02:12 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-05-12 23:31:39 -0700 |
commit | cbb64aef35960b2882be721f4b8fbaa0fb649d12 | |
tree | 9a286b3f79ab8b07eec30800291ab27baccde9c0 /README | |
parent | 891e084b26837162b12f841060086a105edde86d | |

CVE-2014-0210: unvalidated lengths when reading replies from font server

Functions to handle replies to font server requests were casting replies
from the generic form to reply specific structs without first checking
that the reply was at least as long as the struct being cast to.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>

Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions
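
The check the commit message describes, as an added example that is not code from this commit or from the project: a reply is copied into its reply-specific struct only after both the server-claimed length and the bytes actually received are shown to cover that struct. The struct layouts, the function names and the assumption that the length field counts 4-byte units are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical wire structs for illustration; not the project's definitions. */
typedef struct {
    uint8_t  type;
    uint8_t  data1;
    uint16_t sequence;
    uint32_t length;          /* assumed: total reply size in 4-byte units */
} generic_reply;

typedef struct {
    generic_reply hdr;
    uint32_t font_id;
    uint32_t num_glyphs;
} open_font_reply;            /* 16 bytes on the wire */

/* The unsafe pattern is a bare cast, (open_font_reply *)buf, followed by
 * field reads: a short reply then exposes whatever lies past its end.
 * This version returns 0 and fills *out only if the reply is long enough,
 * -1 otherwise. buf/avail describe the bytes actually received. */
int parse_open_font_reply(const uint8_t *buf, size_t avail, open_font_reply *out)
{
    generic_reply hdr;

    if (avail < sizeof(hdr))
        return -1;                        /* not even a full generic header */
    memcpy(&hdr, buf, sizeof(hdr));

    /* The length the server claims must cover the specific struct... */
    if ((uint64_t)hdr.length * 4 < sizeof(*out))
        return -1;
    /* ...and those bytes must really be present in the buffer. */
    if (avail < sizeof(*out))
        return -1;

    memcpy(out, buf, sizeof(*out));       /* copy instead of aliasing the buffer */
    return 0;
}

/* Constructed sample input: a reply whose header claims `words` 4-byte units. */
size_t make_reply(uint8_t *buf, uint32_t words, uint32_t font_id, uint32_t glyphs)
{
    open_font_reply r = { { 1, 0, 7, words }, font_id, glyphs };
    memcpy(buf, &r, sizeof(r));
    return sizeof(r);
}
```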