diff options
| author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-01-26 17:18:54 -0800 |
|---|---|---|
| committer | Julien Cristau <jcristau@debian.org> | 2014-12-09 17:50:12 +0100 |
| commit | 3d8e2731b5dae431fe68e79ff21d067aed65a077 (patch) | |
| tree | 489bba9b0edafa0d1dbe5fe2c9a66d8a95151890 | |
| parent | 4d3d93c68b0af02f4bc4e75b0395bbbfb8a2f15c (diff) | |
xcmisc: unvalidated length in SProcXCMiscGetXIDList() [CVE-2014-8096]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 7553082b9b883b5f130044f3d53bce2f0b660e52)
Signed-off-by: Julien Cristau <jcristau@debian.org>
| -rw-r--r-- | Xext/xcmisc.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Xext/xcmisc.c b/Xext/xcmisc.c index 034bfb63b..1e9101059 100644 --- a/Xext/xcmisc.c +++ b/Xext/xcmisc.c @@ -167,6 +167,7 @@ static int SProcXCMiscGetXIDList(ClientPtr client) { REQUEST(xXCMiscGetXIDListReq); + REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq); swaps(&stuff->length); swapl(&stuff->count); |