aboutsummaryrefslogtreecommitdiff
path: root/x11-servers/xorg-server/files/patch-CVE-2017-12176
diff options
context:
space:
mode:
Diffstat (limited to 'x11-servers/xorg-server/files/patch-CVE-2017-12176')
-rw-r--r--x11-servers/xorg-server/files/patch-CVE-2017-1217631
1 files changed, 31 insertions, 0 deletions
diff --git a/x11-servers/xorg-server/files/patch-CVE-2017-12176 b/x11-servers/xorg-server/files/patch-CVE-2017-12176
new file mode 100644
index 000000000000..c5c6fb85c136
--- /dev/null
+++ b/x11-servers/xorg-server/files/patch-CVE-2017-12176
@@ -0,0 +1,31 @@
+From 95f605b42d8bbb6bea2834a1abfc205981c5b803 Mon Sep 17 00:00:00 2001
+From: Nathan Kidd <nkidd@opentext.com>
+Date: Fri, 9 Jan 2015 10:15:46 -0500
+Subject: Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
+
+Reviewed-by: Julien Cristau <jcristau@debian.org>
+Signed-off-by: Nathan Kidd <nkidd@opentext.com>
+Signed-off-by: Julien Cristau <jcristau@debian.org>
+(cherry picked from commit b747da5e25be944337a9cd1415506fc06b70aa81)
+
+diff --git a/dix/dispatch.c b/dix/dispatch.c
+index 0da431b..0fdfe11 100644
+--- dix/dispatch.c
++++ dix/dispatch.c
+@@ -3703,7 +3703,12 @@ ProcEstablishConnection(ClientPtr client)
+ prefix = (xConnClientPrefix *) ((char *) stuff + sz_xReq);
+ auth_proto = (char *) prefix + sz_xConnClientPrefix;
+ auth_string = auth_proto + pad_to_int32(prefix->nbytesAuthProto);
+- if ((prefix->majorVersion != X_PROTOCOL) ||
++
++ if ((client->req_len << 2) != sz_xReq + sz_xConnClientPrefix +
++ pad_to_int32(prefix->nbytesAuthProto) +
++ pad_to_int32(prefix->nbytesAuthString))
++ reason = "Bad length";
++ else if ((prefix->majorVersion != X_PROTOCOL) ||
+ (prefix->minorVersion != X_PROTOCOL_REVISION))
+ reason = "Protocol version mismatch";
+ else
+--
+cgit v0.10.2
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-01 16:34:33 +0000