Module Name: xsrc Committed By: mrg Date: Wed Dec 10 09:15:43 UTC 2014
Modified Files: xsrc/external/mit/xorg-server/dist/include: dix.h xsrc/external/mit/xorg-server/dist/os: access.c Log Message: apply two more parts of CVE-2014-8092: Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5] dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6] To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 xsrc/external/mit/xorg-server/dist/include/dix.h cvs rdiff -u -r1.2 -r1.3 xsrc/external/mit/xorg-server/dist/os/access.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: xsrc/external/mit/xorg-server/dist/include/dix.h
diff -u xsrc/external/mit/xorg-server/dist/include/dix.h:1.2 xsrc/external/mit/xorg-server/dist/include/dix.h:1.3
--- xsrc/external/mit/xorg-server/dist/include/dix.h:1.2 Tue Dec 9 19:26:18 2014
+++ xsrc/external/mit/xorg-server/dist/include/dix.h Wed Dec 10 09:15:43 2014
@@ -80,7 +80,7 @@ SOFTWARE.
 #define REQUEST_FIXED_SIZE(req, n)\
 if (((sizeof(req) >> 2) > client->req_len) || \
- ((n >> 2) >= client->req_len) || \
+ (((n) >> 2) >= client->req_len) || \
 ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len)) \
 return(BadLength)
Index: xsrc/external/mit/xorg-server/dist/os/access.c
diff -u xsrc/external/mit/xorg-server/dist/os/access.c:1.2 xsrc/external/mit/xorg-server/dist/os/access.c:1.3
--- xsrc/external/mit/xorg-server/dist/os/access.c:1.2 Tue Dec 9 19:26:18 2014
+++ xsrc/external/mit/xorg-server/dist/os/access.c Wed Dec 10 09:15:43 2014
@@ -1420,7 +1420,7 @@ GetHosts (
 for (host = validhosts; host; host = host->next)
 {
 len = host->len;
- if ((ptr + sizeof(xHostEntry) + len) > (data + n))
+ if ((ptr + sizeof(xHostEntry) + len) > ((unsigned char *) *data + n))
 break;
 ((xHostEntry *)ptr)->family = host->family;
 ((xHostEntry *)ptr)->length = len;
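Review bot: In the dix.h hunk, `n` is still expanded twice in REQUEST_FIXED_SIZE, once in the `((n) >> 2)` clause and again in the 64-bit sum on the following line, and the macro still expands to a bare `if (...) return(BadLength)`. The added parentheses fix operator precedence, but an argument with side effects would be evaluated twice and a use directly before a caller's `else` would bind to the macro's `if`. Because this macro is the length gate for client-supplied request sizes, I would document the contract above it: `/* n is evaluated twice and must be free of side effects; expands to a bare if/return, so never follow it with else */`.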
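Review bot: The corrected check in the access.c hunk still forms `ptr + sizeof(xHostEntry) + len` before comparing, and whenever the entry does not fit, that sum points past the end of the buffer, which is undefined behaviour for pointer arithmetic and leaves the compiler free to simplify the test. Comparing sizes keeps every pointer in bounds: `if (sizeof(xHostEntry) + len > (size_t) (((unsigned char *) *data + n) - ptr))`. The `break` also leaves the loop silently, so if the host count returned to the client is computed earlier in GetHosts (not visible here), it may no longer match the entries written and the unwritten tail of the buffer could be sent as-is; that is worth confirming against the full function. GetHosts starts and ends outside the hunk.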