ac5c859b15
- cve-2007-5760.patch: XFree86-Misc Extension Invalid Array Index Vulnerability - cve-2007-5958.patch: Xorg / XFree86 file existence disclosure vulnerability - cve-2007-6427.patch: XInput Extension Memory Corruption Vulnerability - cve-2007-6428.patch: TOG-CUP Extension Memory Corruption Vulnerability - cve-2007-6429.patch: EVI and MIT-SHM Extension Integer Overflow Vulnerability
diff -up xorg-server-1.1.1/hw/xfree86/dixmods/extmod/xf86misc.c.jx xorg-server-1.1.1/hw/xfree86/dixmods/extmod/xf86misc.c
|
|
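--- a/xorg-server-1.1.1/hw/xfree86/common/xf86MiscExt.c
+++ b/xorg-server-1.1.1/hw/xfree86/common/xf86MiscExt.c
@@ -647,6 +647,10 @@ MiscExtPassMessage(int scrnIndex, const
 
 DEBUG_P("MiscExtPassMessage");
 
+ /* should check this in the protocol, but xf86NumScreens isn't exported */
+ if (scrnIndex >= xf86NumScreens)
+ return BadValue;
+
 if (*pScr->HandleMessage == NULL)
 return BadImplementation;
 return (*pScr->HandleMessage)(scrnIndex, msgtype, msgval, retstr);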
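Review bot: The new guard in MiscExtPassMessage rejects only `scrnIndex >= xf86NumScreens`, but the hunk header shows `scrnIndex` is a signed `int`, so a negative index is still accepted and reaches the `pScr->HandleMessage` call. Unless every caller is known to pass an unsigned protocol field, the check should bound both ends: `if (scrnIndex < 0 || scrnIndex >= xf86NumScreens)`. The function starts outside the hunk, so it is not visible where `pScr` is assigned; if it is loaded from the screen array using `scrnIndex` before this guard, that lookup should move below the check so no out-of-range read happens first.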