frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xserver/hw/xfree86
History
Servaas Vandenberghe 820d9040f5 xfree86: fix potential buffer overflow 
The patch below fixes a potential buffer overflow in xf86addComment().
This occurs if  curlen > 0 && eol_seen == 0 && iscomment == 0 , as
follows from the code:

char *xf86addComment(char *cur, char *add)

<...>

        len = strlen(add);
        endnewline = add[len - 1] == '\n';
        len +=  1 + iscomment + (!hasnewline) + (!endnewline) + eol_seen;

        if ((str = realloc(cur, len + curlen)) == NULL)
                return cur;

        cur = str;

        if (eol_seen || (curlen && !hasnewline))
                cur[curlen++] = '\n';
        if (!iscomment)
                cur[curlen++] = '#';
        strcpy(cur + curlen, add);
        if (!endnewline)
                strcat(cur, "\n");

Signed-off-by: Servaas Vandenberghe <vdb@picaros.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>

[whot: added buffer overflow test case]

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
 		2011-10-31 09:39:04 +10:00
..
common xfree86: reduce calls to input_option_get_key/value 2011-10-31 09:39:04 +10:00
ddc hw/xfree86/ddc: remove duplicated include 2011-04-24 19:46:06 -07:00
dixmods xfree86: Link modules with -module 2011-10-15 21:18:47 -07:00
doc xfree86 doc: replace driver "keyboard" with "kbd" 2011-10-25 14:06:41 +10:00
dri Use internal temp variable for swap macros 2011-09-21 17:12:04 -04:00
dri2 Use internal temp variable for swap macros 2011-09-21 17:12:04 -04:00
exa xfree86: Link modules with -module 2011-10-15 21:18:47 -07:00
fbdevhw xfree86: Link modules with -module 2011-10-15 21:18:47 -07:00
i2c Space & style cleanup of hw/xfree86/i2c/fi1236.c 2011-09-20 07:41:18 -07:00
int10 int10: Port internal users off xf86MapVidMem 2011-10-15 21:18:46 -07:00
loader Do not uselessly reload modules in DuplicateModule 2011-10-18 14:21:32 +02:00
man xorg.conf.man: fix 382: warning: missing `)' (got `R') #35054 2011-10-19 17:22:18 -07:00
modes xf86Crtc: handle no outputs with no modes harder. 2011-10-24 18:09:35 -07:00
os-support Merge remote-tracking branch 'whot/for-keith' 2011-10-19 17:26:50 -07:00
parser xfree86: fix potential buffer overflow 2011-10-31 09:39:04 +10:00
ramdac Eliminate MAXSCREENS-sized CursorScreenKey array. 2011-09-19 22:53:05 -07:00
shadowfb xfree86: Link modules with -module 2011-10-15 21:18:47 -07:00
utils os: Remove Error() 2011-10-11 21:23:46 -07:00
vbe xfree86: Link modules with -module 2011-10-15 21:18:47 -07:00
vgahw pci: Remove xf86MapDomainMemory 2011-10-15 21:18:46 -07:00
x86emu x86emu: There is no NO_INLINE implementation of unaligned access here. 2011-09-15 10:07:11 -05:00
xaa xfree86: Link modules with -module 2011-10-15 21:18:47 -07:00
.gitignore xfree86: Move sdksyms generation to ddx toplevel 2011-06-23 05:28:31 -07:00
Makefile.am sdksyms.sh may not be executable. 2011-10-01 17:35:19 +02:00
sdksyms.sh configure: wrap PCI code with macro and set it at build time 2011-10-15 21:18:47 -07:00
xorgconf.cpp xfree86: use sed rather than cpp to perform string substitutions 2011-01-18 15:11:14 -08:00