Two users of GetReqExtra pass arbitrarily sized allocations from the
caller (ModMap and Host). Adjust _XGetRequest() (called by the GetReqExtra
macro) to double-check the requested length and invalidate req when this
happens. Users of GetReqExtra passing lengths greater than the Xlib buffer
size
On 06/ 6/13 10:40 AM, Kees Cook wrote:
Two users of GetReqExtra pass arbitrarily sized allocations from the
caller (ModMap and Host). Adjust _XGetRequest() (called by the GetReqExtra
macro) to double-check the requested length and invalidate req when this
happens. Users of GetReqExtra passing
It seems to me that the change to GetReqExtra should indeed be merged. I
think now we're just debating what to do with any possibly-hazardous
callers. Kees, perhaps you could split the patch?
Regarding the rest, I like Alan's comments, and would add:
On Jun 6, 2013 9:17 PM, Alan Coopersmith