Annotation of /trunk/xorg-server/patches/xorg-server-1.4.0.90-CVE-2008-0006.patch
Parent Directory
| 
Revision Log
Revision 486 -
(hide annotations)
(download)
Wed Feb 13 00:09:39 2008 UTC (16 years, 3 months ago) by niro
File size: 912 byte(s)
Wed Feb 13 00:09:39 2008 UTC (16 years, 3 months ago) by niro
File size: 912 byte(s)
-added several security fixes, a fix for compiz and openoffice
| 1 | niro | 486 | From f09b8007e7f6e60e0b9c9665ec632b578ae08b6f Mon Sep 17 00:00:00 2001 |
| 2 | From: Matthieu Herrb <matthieu@bluenote.herrb.com> | ||
| 3 | Date: Thu, 17 Jan 2008 15:29:06 +0100 | ||
| 4 | Subject: [PATCH] Fix for CVE-2008-0006 - PCF Font parser buffer overflow. | ||
| 5 | |||
| 6 | --- | ||
| 7 | dix/dixfonts.c | 7 +++++++ | ||
| 8 | 1 files changed, 7 insertions(+), 0 deletions(-) | ||
| 9 | |||
| 10 | diff --git a/dix/dixfonts.c b/dix/dixfonts.c | ||
| 11 | index c21b3ec..7bb2404 100644 | ||
| 12 | --- a/dix/dixfonts.c | ||
| 13 | +++ b/dix/dixfonts.c | ||
| 14 | @@ -325,6 +325,13 @@ doOpenFont(ClientPtr client, OFclosurePtr c) | ||
| 15 | err = BadFontName; | ||
| 16 | goto bail; | ||
| 17 | } | ||
| 18 | + /* check values for firstCol, lastCol, firstRow, and lastRow */ | ||
| 19 | + if (pfont->info.firstCol > pfont->info.lastCol || | ||
| 20 | + pfont->info.firstRow > pfont->info.lastRow || | ||
| 21 | + pfont->info.lastCol - pfont->info.firstCol > 255) { | ||
| 22 | + err = AllocError; | ||
| 23 | + goto bail; | ||
| 24 | + } | ||
| 25 | if (!pfont->fpe) | ||
| 26 | pfont->fpe = fpe; | ||
| 27 | pfont->refcnt++; | ||
| 28 | -- | ||
| 29 | 1.5.3.5 | ||
| 30 |