On 14.02.2015 05:47 PM, [email protected] wrote: > This is an automated email from the git hooks/post-receive script. > > x2go pushed a commit to branch 3.6.x > in repository nx-libs. > > commit ece51493f1d970f45e53588e33a700464a42fbab > Author: Mike DePaulo <[email protected]> > Date: Sun Feb 8 22:27:47 2015 -0500 > > CVE-2014-0210: unvalidated length fields in fs_read_glyphs() from > xorg/lib/libXfont commit 520683652564c2a4e42328ae23eef9bb63271565 > > fs_read_glyphs() parses a reply from the font server. The reply > contains embedded length fields, none of which are validated. > This can cause out of bound reads when looping over the glyph > bitmaps in the reply. > --- > nx-X11/lib/font/fc/fserve.c | 29 ++++++++++++++++++++++++++++- > 1 file changed, 28 insertions(+), 1 deletion(-) > > diff --git a/nx-X11/lib/font/fc/fserve.c b/nx-X11/lib/font/fc/fserve.c > index 79de4f3..26218e5 100644 > --- a/nx-X11/lib/font/fc/fserve.c > +++ b/nx-X11/lib/font/fc/fserve.c > @@ -1916,6 +1916,7 @@ fs_read_glyphs(FontPathElementPtr fpe, FSBlockDataPtr > blockrec) > FontInfoPtr pfi = &pfont->info; > fsQueryXBitmaps16Reply *rep; > char *buf; > + long bufleft; /* length of reply left to use */
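Review bot: bufleft, at "+ long bufleft; /* length of reply left to use */", is declared without an initializer, and the quoted hunk stops before any line that assigns it, so this excerpt does not show that it is set before the first bounds check reads it. Assign it at the declaration or directly after the reply pointer rep is obtained. It is also a signed long that, going by its comment, tracks the bytes remaining in the reply; test each length field against bufleft before subtracting so the counter cannot go negative, and watch for implicit signed/unsigned conversion in those comparisons.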
I'd also initialize this: long bufleft = 0; Everything else here is OK.
_______________________________________________ x2go-dev mailing list [email protected] http://lists.x2go.org/listinfo/x2go-dev
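The remaining-length pattern the commit message describes, as an added C example that is not code from the commit, from libXfont or from nx-libs: every embedded length field is checked against a bufleft counter before it is used. The reply layout and the names glyph_off, take_u32 and parse_glyph_reply are hypothetical; the layout is a simplified stand-in, not the font server wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified reply layout (NOT the real font-server format):
 *   u32 num_chars | num_chars x { u32 position, u32 length } | glyph bytes
 * Fields are read in host byte order for brevity. */
typedef struct { uint32_t position, length; } glyph_off;

/* Read one u32 only if that many bytes of the reply are still left. */
static int take_u32(const uint8_t **p, size_t *left, uint32_t *out)
{
    if (*left < sizeof *out)
        return -1;
    memcpy(out, *p, sizeof *out);      /* memcpy avoids unaligned access */
    *p += sizeof *out;
    *left -= sizeof *out;
    return 0;
}

/* Returns the glyph bytes referenced by the offset table, or -1 if any
 * embedded length field points outside the reply. */
long parse_glyph_reply(const uint8_t *buf, size_t len)
{
    size_t bufleft = len;              /* length of reply left to use */
    uint32_t num_chars;
    long total = 0;

    if (take_u32(&buf, &bufleft, &num_chars) < 0)
        return -1;
    /* Divide rather than multiply so a huge num_chars cannot overflow. */
    if (bufleft / sizeof(glyph_off) < num_chars)
        return -1;
    const uint8_t *offs = buf;
    bufleft -= (size_t)num_chars * sizeof(glyph_off);  /* now: glyph bytes */

    for (uint32_t i = 0; i < num_chars; i++) {
        glyph_off o;
        memcpy(&o, offs + (size_t)i * sizeof o, sizeof o);
        /* Check position first, then length against what remains after it;
         * this order cannot wrap around. */
        if (o.position > bufleft || o.length > bufleft - o.position)
            return -1;
        total += o.length;
    }
    return total;
}
```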
