| 1 |
From 59a3b83922c810316a374a19484b24901c7437ae Mon Sep 17 00:00:00 2001
|
| 2 |
From: Matthieu Herrb <matthieu@bluenote.herrb.com>
|
| 3 |
Date: Thu, 17 Jan 2008 15:26:41 +0100
|
| 4 |
Subject: [PATCH] Fix for CVE-2007-5760 - XFree86 Misc extension out of bounds array index
|
| 5 |
|
| 6 |
---
|
| 7 |
hw/xfree86/common/xf86MiscExt.c | 4 ++++
|
| 8 |
1 files changed, 4 insertions(+), 0 deletions(-)
|
| 9 |
|
| 10 |
diff --git a/hw/xfree86/common/xf86MiscExt.c b/hw/xfree86/common/xf86MiscExt.c
|
| 11 |
index c1b9c60..40c196a 100644
|
| 12 |
--- a/hw/xfree86/common/xf86MiscExt.c
|
| 13 |
+++ b/hw/xfree86/common/xf86MiscExt.c
|
| 14 |
@@ -548,6 +548,10 @@ MiscExtPassMessage(int scrnIndex, const char *msgtype, const char *msgval,
|
| 15 |
{
|
| 16 |
ScrnInfoPtr pScr = xf86Screens[scrnIndex];
|
| 17 |
|
| 18 |
+ /* should check this in the protocol, but xf86NumScreens isn't exported */
|
| 19 |
+ if (scrnIndex >= xf86NumScreens)
|
| 20 |
+ return BadValue;
|
| 21 |
+
|
| 22 |
if (*pScr->HandleMessage == NULL)
|
| 23 |
return BadImplementation;
|
| 24 |
return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);
|
| 25 |
--
|
| 26 |
1.5.3.5
|
| 27 |
|
Parent Directory
| 
Revision Log