authordrochner <drochner@pkgsrc.org>2007-04-03 20:25:44 +0000
committerdrochner <drochner@pkgsrc.org>2007-04-03 20:25:44 +0000
commit629af004e9db3ea8bd1262daa9d22a05ce2f1e87 (patch)
tree3b82df8a12d99316fce94c5aaac9f5af466e2da7
parente8d2b43fdbdb6b629b19a5fde35f67ba5f8b0407 (diff)
downloadpkgsrc-629af004e9db3ea8bd1262daa9d22a05ce2f1e87.tar.gz
Fix a possible memory corruption due to an integer overflow in
ProcXCMiscGetXIDList() (CVE-2007-1003). Bump PKGREVISION.
-rw-r--r--x11/modular-xorg-server/Makefile4
-rw-r--r--x11/modular-xorg-server/distinfo3
-rw-r--r--x11/modular-xorg-server/patches/patch-ag38
3 files changed, 42 insertions, 3 deletions
diff --git a/x11/modular-xorg-server/Makefile b/x11/modular-xorg-server/Makefile
index c72fccf5376..5c3fd4fac1e 100644
--- a/x11/modular-xorg-server/Makefile
+++ b/x11/modular-xorg-server/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.9 2007/03/05 17:55:27 drochner Exp $
+# $NetBSD: Makefile,v 1.10 2007/04/03 20:25:44 drochner Exp $
DISTNAME= xorg-server-1.2.0
-PKGREVISION= 1
+PKGREVISION= 2
PKGNAME= modular-${DISTNAME}
CATEGORIES= x11
MASTER_SITES= http://xorg.freedesktop.org/releases/individual/xserver/
diff --git a/x11/modular-xorg-server/distinfo b/x11/modular-xorg-server/distinfo
index b651ceec7a6..59c99ab44ab 100644
--- a/x11/modular-xorg-server/distinfo
+++ b/x11/modular-xorg-server/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.8 2007/03/02 11:51:49 drochner Exp $
+$NetBSD: distinfo,v 1.9 2007/04/03 20:25:44 drochner Exp $
SHA1 (MesaLib-6.5.2.tar.bz2) = ba860bb6ee57c02202342dfd5927464a068ea18f
RMD160 (MesaLib-6.5.2.tar.bz2) = 9a92d69110c066ae6734bcaafb78f222ac2df6d3
@@ -11,6 +11,7 @@ SHA1 (patch-ab) = 115905eba320f294c68783bb704359d824460469
SHA1 (patch-ad) = 752235269f10daade0bf60665cccde39d1583064
SHA1 (patch-ae) = 84a9100ebd88c77022b4739dfa0a961fea78df2b
SHA1 (patch-af) = 6c58872798a30b31154dd7b167c84bf20ac417be
+SHA1 (patch-ag) = 7fbc428f03d74a5b697e2ef97fca99ba7a5be28d
SHA1 (patch-da) = 73faacda1088304025c5e05f3d58edaf9ae1145f
SHA1 (patch-db) = 28913a094c8499536a71c8d4d7ca57a5efb25b39
SHA1 (patch-dc) = 75df6f37b1cbc9574adb5ee66cb84d0f5ebac853
diff --git a/x11/modular-xorg-server/patches/patch-ag b/x11/modular-xorg-server/patches/patch-ag
new file mode 100644
index 00000000000..4dce9e17bd9
--- /dev/null
+++ b/x11/modular-xorg-server/patches/patch-ag
@@ -0,0 +1,38 @@
+$NetBSD: patch-ag,v 1.1 2007/04/03 20:25:44 drochner Exp $
+
+--- Xext/xcmisc.c.orig 2007-04-03 18:03:01.000000000 +0200
++++ Xext/xcmisc.c
+@@ -42,6 +42,12 @@ from The Open Group.
+ #include <X11/extensions/xcmiscstr.h>
+ #include "modinit.h"
+
++#if HAVE_STDINT_H
++#include <stdint.h>
++#elif !defined(UINT32_MAX)
++#define UINT32_MAX 0xffffffffU
++#endif
++
+ #if 0
+ static unsigned char XCMiscCode;
+ #endif
+@@ -143,7 +149,10 @@ ProcXCMiscGetXIDList(client)
+
+ REQUEST_SIZE_MATCH(xXCMiscGetXIDListReq);
+
+- pids = (XID *)ALLOCATE_LOCAL(stuff->count * sizeof(XID));
++ if (stuff->count > UINT32_MAX / sizeof(XID))
++ return BadAlloc;
++
++ pids = (XID *)Xalloc(stuff->count * sizeof(XID));
+ if (!pids)
+ {
+ return BadAlloc;
+@@ -164,7 +173,7 @@ ProcXCMiscGetXIDList(client)
+ client->pSwapReplyFunc = (ReplySwapPtr) Swap32Write;
+ WriteSwappedDataToClient(client, count * sizeof(XID), pids);
+ }
+- DEALLOCATE_LOCAL(pids);
++ Xfree(pids);
+ return(client->noClientException);
+ }
+
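Review bot: The new guard in ProcXCMiscGetXIDList rejects only counts whose byte size would wrap 32 bits, so a client-supplied `stuff->count` just below `UINT32_MAX / sizeof(XID)` still reaches `Xalloc` with a request approaching 4 GiB. That closes the wrap-around, but a single request can still demand a very large heap allocation; a tighter cap tied to how many IDs a client can actually hold would bound it, if such a limit is available at this point (GetXIDList is not visible here). Since the buffer is now heap-allocated rather than `ALLOCATE_LOCAL`, every return between `Xalloc` and `Xfree(pids)` must free it; the body between the two inner hunks is not shown, so that should be confirmed against the full function. I would also put a comment over the check, for example `/* count is client-controlled: refuse sizes that would overflow the multiplication below */`.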