xorg-x11-server/cve-2007-6428.patch

From 7dc1717ff0f96b99271a912b8948dfce5164d5ad Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@bluenote.herrb.com>
Date: Thu, 17 Jan 2008 15:28:03 +0100
Subject: [PATCH] Fix for CVE-2007-6428 - TOG-cup extension memory corruption.

---
 Xext/cup.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/Xext/cup.c b/Xext/cup.c
index d0e820c..fd1409e 100644
--- a/Xext/cup.c
+++ b/Xext/cup.c
@@ -176,6 +176,9 @@ int ProcGetReservedColormapEntries(
 
     REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq);
 
+    if (stuff->screen >= screenInfo.numScreens)
+	return BadValue;
+
 #ifndef HAVE_SPECIAL_DESKTOP_COLORS
     citems[CUP_BLACK_PIXEL].pixel = 
 	screenInfo.screens[stuff->screen]->blackPixel;
-- 
1.5.3.6
* Fri Jan 18 2008 Dave Airlie <airlied@redhat.com> 1.4.99.1-0.17 - cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability - cve-2008-0006-server-fixup.patch: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont. 2008-01-18 03:31:54 +00:00			`From 7dc1717ff0f96b99271a912b8948dfce5164d5ad Mon Sep 17 00:00:00 2001`
			`From: Matthieu Herrb <matthieu@bluenote.herrb.com>`
			`Date: Thu, 17 Jan 2008 15:28:03 +0100`
			`Subject: [PATCH] Fix for CVE-2007-6428 - TOG-cup extension memory corruption.`

			`---`
			`Xext/cup.c \| 3 +++`
			`1 files changed, 3 insertions(+), 0 deletions(-)`

			`diff --git a/Xext/cup.c b/Xext/cup.c`
			`index d0e820c..fd1409e 100644`
			`--- a/Xext/cup.c`
			`+++ b/Xext/cup.c`
			`@@ -176,6 +176,9 @@ int ProcGetReservedColormapEntries(`
* Fri Jan 18 2008 Dave Airlie <airlied@redhat.com> 1.4.99.1-0.17 - cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-5958.patch: Xorg / XFree86 file existence disclosure vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability 2008-01-18 02:52:04 +00:00
			`REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq);`

			`+ if (stuff->screen >= screenInfo.numScreens)`
			`+ return BadValue;`
			`+`
			`#ifndef HAVE_SPECIAL_DESKTOP_COLORS`
			`citems[CUP_BLACK_PIXEL].pixel =`
			`screenInfo.screens[stuff->screen]->blackPixel;`
* Fri Jan 18 2008 Dave Airlie <airlied@redhat.com> 1.4.99.1-0.17 - cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability - cve-2008-0006-server-fixup.patch: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont. 2008-01-18 03:31:54 +00:00			`--`
			`1.5.3.6`