From f09b8007e7f6e60e0b9c9665ec632b578ae08b6f Mon Sep 17 00:00:00 2001
From: Matthieu Herrb <matthieu@bluenote.herrb.com>
Date: Thu, 17 Jan 2008 15:29:06 +0100
Subject: [PATCH] Fix for CVE-2008-0006 - PCF Font parser buffer overflow.

---
 dix/dixfonts.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/dix/dixfonts.c b/dix/dixfonts.c
index c21b3ec..7bb2404 100644
--- a/dix/dixfonts.c
+++ b/dix/dixfonts.c
@@ -325,6 +325,13 @@ doOpenFont(ClientPtr client, OFclosurePtr c)
 	err = BadFontName;
 	goto bail;
     }
+    /* check values for firstCol, lastCol, firstRow, and lastRow */
+    if (pfont->info.firstCol > pfont->info.lastCol ||
+       pfont->info.firstRow > pfont->info.lastRow ||
+       pfont->info.lastCol - pfont->info.firstCol > 255) {
+       err = AllocError;
+       goto bail;
+    }
     if (!pfont->fpe)
 	pfont->fpe = fpe;
     pfont->refcnt++;
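Review bot: The row range on the `firstRow > lastRow` line is checked only for ordering, while the column range also gets a span limit of 255, so nothing in this hunk bounds `lastRow - firstRow`. If later code sizes or indexes per-glyph tables by rows times columns (not visible here), a font with an oversized row span would still pass this check; a matching condition such as `pfont->info.lastRow - pfont->info.firstRow > 255 ||` seems worth adding, assuming row indices are also limited to one byte. The rejection path sets `err = AllocError`, which reports malformed font metadata as an allocation failure; `BadFontName`, used by the branch just above, would be less misleading when triaging logs. The comment could also say why 255 is the limit, e.g. `/* reject inverted or oversized encoding ranges before the metrics are used */`. doOpenFont starts and ends outside the hunk.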
-- 
1.5.3.5