[packages/XFree86.git] / XFree86-moresecurity.patch

--- XFree86-4.0/xc/lib/X11/OpenDis.c.moresecurity	Wed Jun 28 18:54:22 2000
+++ XFree86-4.0/xc/lib/X11/OpenDis.c	Wed Jun 28 18:54:58 2000
@@ -397,6 +397,11 @@
  * now extract the vendor string...  String must be null terminated,
  * padded to multiple of 4 bytes.
  */
+        /* Check for a sane vendor string length */
+        if (u.setup->nbytesVendor > 256) {
+            OutOfMemory(dpy, setup);
+            return (NULL);
+        }                                                                       
 	dpy->vendor = (char *) Xmalloc((unsigned) (u.setup->nbytesVendor + 1));
 	if (dpy->vendor == NULL) {
 	    OutOfMemory(dpy, setup);
Commit	Line	Data
dbdc0b03 JR	1	--- XFree86-4.0/xc/lib/X11/OpenDis.c.moresecurity Wed Jun 28 18:54:22 2000
	2	+++ XFree86-4.0/xc/lib/X11/OpenDis.c Wed Jun 28 18:54:58 2000
	3	@@ -397,6 +397,11 @@
	4	* now extract the vendor string... String must be null terminated,
	5	* padded to multiple of 4 bytes.
	6	*/
	7	+ /* Check for a sane vendor string length */
	8	+ if (u.setup->nbytesVendor > 256) {
	9	+ OutOfMemory(dpy, setup);
	10	+ return (NULL);
	11	+ }
	12	dpy->vendor = (char *) Xmalloc((unsigned) (u.setup->nbytesVendor + 1));
	13	if (dpy->vendor == NULL) {
	14	OutOfMemory(dpy, setup);