[pkgsrc/trunk]: pkgsrc/x11/modular-xorg-server Fix http://www.x.org/wiki/Deve...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/x11/modular-xorg-server Fix http://www.x.org/wiki/Deve...
From: wiz <wiz%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 17:19:50 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/3ac06d5c5ab7
branches:  trunk
changeset: 646557:3ac06d5c5ab7
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Wed Feb 11 09:43:39 2015 +0000

description:
Fix http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/
Bump PKGREVISION.

diffstat:

 x11/modular-xorg-server/Makefile                |    4 +-
 x11/modular-xorg-server/distinfo                |    3 +-
 x11/modular-xorg-server/patches/patch-xkb_xkb.c |  140 ++++++++++++++++++++++++
 3 files changed, 144 insertions(+), 3 deletions(-)

diffs (172 lines):

diff -r 85186eed01f5 -r 3ac06d5c5ab7 x11/modular-xorg-server/Makefile
--- a/x11/modular-xorg-server/Makefile  Wed Feb 11 09:38:12 2015 +0000
+++ b/x11/modular-xorg-server/Makefile  Wed Feb 11 09:43:39 2015 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.86 2014/12/21 16:14:05 wiz Exp $
+# $NetBSD: Makefile,v 1.87 2015/02/11 09:43:39 wiz Exp $
 
 DISTNAME=      xorg-server-1.12.4
 PKGNAME=       modular-${DISTNAME}
-PKGREVISION=   7
+PKGREVISION=   8
 CATEGORIES=    x11
 MASTER_SITES=  ${MASTER_SITE_XORG:=xserver/}
 EXTRACT_SUFX=  .tar.bz2
diff -r 85186eed01f5 -r 3ac06d5c5ab7 x11/modular-xorg-server/distinfo
--- a/x11/modular-xorg-server/distinfo  Wed Feb 11 09:38:12 2015 +0000
+++ b/x11/modular-xorg-server/distinfo  Wed Feb 11 09:43:39 2015 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.55 2014/12/21 16:14:05 wiz Exp $
+$NetBSD: distinfo,v 1.56 2015/02/11 09:43:39 wiz Exp $
 
 SHA1 (xorg-server-1.12.4.tar.bz2) = 6d616874f9c7677bda08dc073c03f83e78fbc585
 RMD160 (xorg-server-1.12.4.tar.bz2) = 4907b5dc42efd6b3fb6bf9d64f1441080a6a6983
@@ -62,3 +62,4 @@
 SHA1 (patch-test_xi2_protocol-xiquerypointer.c) = 6594dff2bccac46aa4b8aec7c517d122517407ad
 SHA1 (patch-test_xi2_protocol-xiwarppointer.c) = fda57d72b963890478e8e78dfbe2864eb51971d2
 SHA1 (patch-xfixes_select.c) = 0f0dac08732a54112a2f0a7b3f1393a28fbfd8bc
+SHA1 (patch-xkb_xkb.c) = 95861e071546428ab5ada2365e2b8201f238577c
diff -r 85186eed01f5 -r 3ac06d5c5ab7 x11/modular-xorg-server/patches/patch-xkb_xkb.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/modular-xorg-server/patches/patch-xkb_xkb.c   Wed Feb 11 09:43:39 2015 +0000
@@ -0,0 +1,140 @@
+$NetBSD: patch-xkb_xkb.c,v 1.1 2015/02/11 09:43:39 wiz Exp $
+
+From cc830bd3a5b44796f1e8721f336dca4f565a8130 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan%redhat.com@localhost>
+Date: Fri, 16 Jan 2015 08:44:45 +0100
+Subject: [PATCH] xkb: Check strings length against request size
+
+Ensure that the given strings length in an XkbSetGeometry request remain
+within the limits of the size of the request.
+
+Signed-off-by: Olivier Fourdan <ofourdan%redhat.com@localhost>
+---
+ xkb/xkb.c | 65 +++++++++++++++++++++++++++++++++++++++------------------------
+ 1 file changed, 40 insertions(+), 25 deletions(-)
+
+--- xkb/xkb.c.orig     2012-05-17 17:09:05.000000000 +0000
++++ xkb/xkb.c
+@@ -4946,26 +4946,29 @@ ProcXkbGetGeometry(ClientPtr client)
+ 
+ /***====================================================================***/
+ 
+-static char *
+-_GetCountedString(char **wire_inout, Bool swap)
++static Status
++_GetCountedString(char **wire_inout, ClientPtr client, char **str)
+ {
+-    char *wire, *str;
+-    CARD16 len, *plen;
++    char *wire, *next;
++    CARD16 len;
+ 
+     wire = *wire_inout;
+-    plen = (CARD16 *) wire;
+-    if (swap) {
+-        swaps(plen);
+-    }
+-    len = *plen;
+-    str = malloc(len + 1);
+-    if (str) {
+-        memcpy(str, &wire[2], len);
+-        str[len] = '\0';
++    len = *(CARD16 *) wire;
++    if (client->swapped) {
++        swaps(&len);
+     }
+-    wire += XkbPaddedSize(len + 2);
+-    *wire_inout = wire;
+-    return str;
++    next = wire + XkbPaddedSize(len + 2);
++    /* Check we're still within the size of the request */
++    if (client->req_len <
++        bytes_to_int32(next - (char *) client->requestBuffer))
++        return BadValue;
++    *str = malloc(len + 1);
++    if (!*str)
++        return BadAlloc;
++    memcpy(*str, &wire[2], len);
++    *(*str + len) = '\0';
++    *wire_inout = next;
++    return Success;
+ }
+ 
+ static Status
+@@ -4975,6 +4978,7 @@ _CheckSetDoodad(char **wire_inout,
+     char *wire;
+     xkbDoodadWireDesc *dWire;
+     XkbDoodadPtr doodad;
++    Status status;
+ 
+     dWire = (xkbDoodadWireDesc *) (*wire_inout);
+     wire = (char *) &dWire[1];
+@@ -5022,8 +5026,14 @@ _CheckSetDoodad(char **wire_inout,
+         doodad->text.width = dWire->text.width;
+         doodad->text.height = dWire->text.height;
+         doodad->text.color_ndx = dWire->text.colorNdx;
+-        doodad->text.text = _GetCountedString(&wire, client->swapped);
+-        doodad->text.font = _GetCountedString(&wire, client->swapped);
++        status = _GetCountedString(&wire, client, &doodad->text.text);
++        if (status != Success)
++            return status;
++        status = _GetCountedString(&wire, client, &doodad->text.font);
++        if (status != Success) {
++            free (doodad->text.text);
++            return status;
++        }
+         break;
+     case XkbIndicatorDoodad:
+         if (dWire->indicator.onColorNdx >= geom->num_colors) {
+@@ -5058,7 +5068,9 @@ _CheckSetDoodad(char **wire_inout,
+         }
+         doodad->logo.color_ndx = dWire->logo.colorNdx;
+         doodad->logo.shape_ndx = dWire->logo.shapeNdx;
+-        doodad->logo.logo_name = _GetCountedString(&wire, client->swapped);
++        status = _GetCountedString(&wire, client, &doodad->logo.logo_name);
++        if (status != Success)
++            return status;
+         break;
+     default:
+         client->errorValue = _XkbErrCode2(0x4F, dWire->any.type);
+@@ -5290,18 +5302,20 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSe
+     char *wire;
+ 
+     wire = (char *) &req[1];
+-    geom->label_font = _GetCountedString(&wire, client->swapped);
++    status = _GetCountedString(&wire, client, &geom->label_font);
++    if (status != Success)
++        return status;
+ 
+     for (i = 0; i < req->nProperties; i++) {
+         char *name, *val;
+ 
+-        name = _GetCountedString(&wire, client->swapped);
+-        if (!name)
+-            return BadAlloc;
+-        val = _GetCountedString(&wire, client->swapped);
+-        if (!val) {
++        status = _GetCountedString(&wire, client, &name);
++        if (status != Success)
++            return status;
++        status = _GetCountedString(&wire, client, &val);
++        if (status != Success) {
+             free(name);
+-            return BadAlloc;
++            return status;
+         }
+         if (XkbAddGeomProperty(geom, name, val) == NULL) {
+             free(name);
+@@ -5335,9 +5349,9 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSe
+     for (i = 0; i < req->nColors; i++) {
+         char *name;
+ 
+-        name = _GetCountedString(&wire, client->swapped);
+-        if (!name)
+-            return BadAlloc;
++        status = _GetCountedString(&wire, client, &name);
++        if (status != Success)
++            return status;
+         if (!XkbAddGeomColor(geom, name, geom->num_colors)) {
+             free(name);
+             return BadAlloc;

Prev by Date: [pkgsrc/trunk]: pkgsrc/multimedia/gst-plugins1-egl-opengl Import gst-plugins1...
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Updated www/ruby-faraday to 0.9.1
Previous by Thread: [pkgsrc/trunk]: pkgsrc/multimedia/gst-plugins1-egl-opengl Import gst-plugins1...
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated www/ruby-faraday to 0.9.1
Indexes:

Home | Main Index | Thread Index | Old Index