xorg-x11-server/cve-2007-5760.patch

From bbde5b62a137ba726a747b838d81e92d72c1b42b Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@bluenote.herrb.com>
Date: Thu, 17 Jan 2008 15:26:41 +0100
Subject: [PATCH] Fix for CVE-2007-5760 - XFree86 Misc extension out of bounds array index

---
 hw/xfree86/common/xf86MiscExt.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/hw/xfree86/common/xf86MiscExt.c b/hw/xfree86/common/xf86MiscExt.c
index c1b9c60..40c196a 100644
--- a/hw/xfree86/common/xf86MiscExt.c
+++ b/hw/xfree86/common/xf86MiscExt.c
@@ -548,6 +548,10 @@ MiscExtPassMessage(int scrnIndex, const char *msgtype, const char *msgval,
 {
     ScrnInfoPtr pScr = xf86Screens[scrnIndex];
 
+    /* should check this in the protocol, but xf86NumScreens isn't exported */
+    if (scrnIndex >= xf86NumScreens)
+	return BadValue;
+
     if (*pScr->HandleMessage == NULL)
 	    return BadImplementation;
     return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);
-- 
1.5.3.6
* Fri Jan 18 2008 Dave Airlie <airlied@redhat.com> 1.4.99.1-0.17 - cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability - cve-2008-0006-server-fixup.patch: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont. 2008-01-18 03:31:54 +00:00			`From bbde5b62a137ba726a747b838d81e92d72c1b42b Mon Sep 17 00:00:00 2001`
			`From: Matthieu Herrb <matthieu@bluenote.herrb.com>`
			`Date: Thu, 17 Jan 2008 15:26:41 +0100`
			`Subject: [PATCH] Fix for CVE-2007-5760 - XFree86 Misc extension out of bounds array index`

			`---`
			`hw/xfree86/common/xf86MiscExt.c \| 4 ++++`
			`1 files changed, 4 insertions(+), 0 deletions(-)`

			`diff --git a/hw/xfree86/common/xf86MiscExt.c b/hw/xfree86/common/xf86MiscExt.c`
			`index c1b9c60..40c196a 100644`
			`--- a/hw/xfree86/common/xf86MiscExt.c`
			`+++ b/hw/xfree86/common/xf86MiscExt.c`
			`@@ -548,6 +548,10 @@ MiscExtPassMessage(int scrnIndex, const char msgtype, const char msgval,`
			`{`
			`ScrnInfoPtr pScr = xf86Screens[scrnIndex];`
* Fri Jan 18 2008 Dave Airlie <airlied@redhat.com> 1.4.99.1-0.17 - cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-5958.patch: Xorg / XFree86 file existence disclosure vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability 2008-01-18 02:52:04 +00:00
			`+ /* should check this in the protocol, but xf86NumScreens isn't exported */`
			`+ if (scrnIndex >= xf86NumScreens)`
			`+ return BadValue;`
			`+`
			`if (*pScr->HandleMessage == NULL)`
			`return BadImplementation;`
			`return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);`
* Fri Jan 18 2008 Dave Airlie <airlied@redhat.com> 1.4.99.1-0.17 - cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability - cve-2008-0006-server-fixup.patch: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont. 2008-01-18 03:31:54 +00:00			`--`
			`1.5.3.6`