CVS commit: [netbsd-7] xsrc/external/mit/xorg-server/dist

Wed, 10 Dec 2014 09:36:12 -0800 

Module Name:    xsrc
Committed By:   martin
Date:           Wed Dec 10 17:35:38 UTC 2014

Modified Files:
        xsrc/external/mit/xorg-server/dist/include [netbsd-7]: dix.h
        xsrc/external/mit/xorg-server/dist/os [netbsd-7]: access.c

Log Message:
Pullup the following, requested by mrg in #308:

xsrc/external/mit/xorg-server/dist/include/dix.h 1.3
xsrc/external/mit/xorg-server/dist/os/access.c 1.3

apply two more parts of CVE-2014-8092:
  Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
  dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5.10.1 -r1.1.1.5.10.2 \
    xsrc/external/mit/xorg-server/dist/include/dix.h
cvs rdiff -u -r1.1.1.5.10.1 -r1.1.1.5.10.2 \
    xsrc/external/mit/xorg-server/dist/os/access.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: xsrc/external/mit/xorg-server/dist/include/dix.h
diff -u xsrc/external/mit/xorg-server/dist/include/dix.h:1.1.1.5.10.1 xsrc/external/mit/xorg-server/dist/include/dix.h:1.1.1.5.10.2
--- xsrc/external/mit/xorg-server/dist/include/dix.h:1.1.1.5.10.1	Tue Dec  9 19:36:57 2014
+++ xsrc/external/mit/xorg-server/dist/include/dix.h	Wed Dec 10 17:35:38 2014
@@ -80,7 +80,7 @@ SOFTWARE.
 
 #define REQUEST_FIXED_SIZE(req, n)\
     if (((sizeof(req) >> 2) > client->req_len) || \
-        ((n >> 2) >= client->req_len) || \
+        (((n) >> 2) >= client->req_len) || \
         ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len))  \
          return(BadLength)
 

Index: xsrc/external/mit/xorg-server/dist/os/access.c
diff -u xsrc/external/mit/xorg-server/dist/os/access.c:1.1.1.5.10.1 xsrc/external/mit/xorg-server/dist/os/access.c:1.1.1.5.10.2
--- xsrc/external/mit/xorg-server/dist/os/access.c:1.1.1.5.10.1	Tue Dec  9 19:36:57 2014
+++ xsrc/external/mit/xorg-server/dist/os/access.c	Wed Dec 10 17:35:38 2014
@@ -1420,7 +1420,7 @@ GetHosts (
         for (host = validhosts; host; host = host->next)
 	{
 	    len = host->len;
-            if ((ptr + sizeof(xHostEntry) + len) > (data + n))
+            if ((ptr + sizeof(xHostEntry) + len) > ((unsigned char *) *data + n))
                 break;
 	    ((xHostEntry *)ptr)->family = host->family;
 	    ((xHostEntry *)ptr)->length = len;

Reply via email to