CVS commit: [netbsd-5-1] xsrc/external/mit/xorg-server/dist

Wed, 10 Dec 2014 15:00:06 -0800 

Module Name:    xsrc
Committed By:   snj
Date:           Wed Dec 10 22:59:26 UTC 2014

Modified Files:
        xsrc/external/mit/xorg-server/dist/include [netbsd-5-1]: dix.h
        xsrc/external/mit/xorg-server/dist/os [netbsd-5-1]: access.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1935):
        external/mit/xorg-server/dist/include/dix.h: revision 1.3
        external/mit/xorg-server/dist/os/access.c: revision 1.3 via patch
apply two more parts of CVE-2014-8092:
  Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
  dix: GetHosts bounds check using wrong pointer value [CVE-2014-8092 pt. 6]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1.2.1.2.1 -r1.1.1.1.2.1.2.2 \
    xsrc/external/mit/xorg-server/dist/include/dix.h
cvs rdiff -u -r1.1.1.1.2.1.2.1 -r1.1.1.1.2.1.2.2 \
    xsrc/external/mit/xorg-server/dist/os/access.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: xsrc/external/mit/xorg-server/dist/include/dix.h
diff -u xsrc/external/mit/xorg-server/dist/include/dix.h:1.1.1.1.2.1.2.1 xsrc/external/mit/xorg-server/dist/include/dix.h:1.1.1.1.2.1.2.2
--- xsrc/external/mit/xorg-server/dist/include/dix.h:1.1.1.1.2.1.2.1	Tue Dec  9 19:56:35 2014
+++ xsrc/external/mit/xorg-server/dist/include/dix.h	Wed Dec 10 22:59:26 2014
@@ -78,7 +78,7 @@ SOFTWARE.
 
 #define REQUEST_FIXED_SIZE(req, n)\
     if (((sizeof(req) >> 2) > client->req_len) || \
-        ((n >> 2) >= client->req_len) || \
+        (((n) >> 2) >= client->req_len) || \
         ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len))  \
          return(BadLength)
 

Index: xsrc/external/mit/xorg-server/dist/os/access.c
diff -u xsrc/external/mit/xorg-server/dist/os/access.c:1.1.1.1.2.1.2.1 xsrc/external/mit/xorg-server/dist/os/access.c:1.1.1.1.2.1.2.2
--- xsrc/external/mit/xorg-server/dist/os/access.c:1.1.1.1.2.1.2.1	Tue Dec  9 19:56:35 2014
+++ xsrc/external/mit/xorg-server/dist/os/access.c	Wed Dec 10 22:59:26 2014
@@ -1474,7 +1474,7 @@ GetHosts (
         for (host = validhosts; host; host = host->next)
 	{
 	    len = host->len;
-            if ((ptr + sizeof(xHostEntry) + len) > ((unsigned char *)data + n))
+            if ((ptr + sizeof(xHostEntry) + len) > ((unsigned char *) *data + n))
                 break;
 	    ((xHostEntry *)ptr)->family = host->family;
 	    ((xHostEntry *)ptr)->length = len;

Reply via email to