[PATCH 2/2] libX11: check "req" when calling GetReqExtra
Kees Cook
kees at outflux.net
Sun Jun 9 11:13:43 PDT 2013
This fixes the two callers of GetReqExtra to check that "req" is non-NULL
to avoid crashing now that GetReqExtra does internal bounds-checking on
the resulting buffer sizes.
Additionally updates comment describing return values to use names
instead of only literal values.
Signed-off-by: Kees Cook <kees at outflux.net>
---
src/Host.c | 8 ++++++++
src/ModMap.c | 10 +++++++---
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/Host.c b/src/Host.c
index da9923a..da5e2f7 100644
--- a/src/Host.c
+++ b/src/Host.c
@@ -83,6 +83,10 @@ XAddHost (
LockDisplay(dpy);
GetReqExtra (ChangeHosts, length, req);
+ if (!req) {
+ UnlockDisplay(dpy);
+ return 0;
+ }
req->mode = HostInsert;
req->hostFamily = host->family;
req->hostLength = addrlen;
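Review bot: The `if (!req)` guard added to XAddHost has no comment saying when `req` can be NULL or what the `return 0` means to a caller, and the identical guard in XRemoveHost (next hunk) has the same gap. Going by the commit message, `req` is NULL when GetReqExtra's new bounds check rejects `length`, so I would add above the guard something like `/* GetReqExtra leaves req NULL when length fails its size check; no request was queued */`. These two calls edit the server's host access list, so a 0 from XRemoveHost means the host is still permitted; the function documentation should state that the return value must be checked. Both function bodies start and end outside the hunks, so the computation of `length` and the normal exit path are not visible here.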
@@ -118,6 +122,10 @@ XRemoveHost (
LockDisplay(dpy);
GetReqExtra (ChangeHosts, length, req);
+ if (!req) {
+ UnlockDisplay(dpy);
+ return 0;
+ }
req->mode = HostDelete;
req->hostFamily = host->family;
req->hostLength = addrlen;
diff --git a/src/ModMap.c b/src/ModMap.c
index 5c5b426..2aa2903 100644
--- a/src/ModMap.c
+++ b/src/ModMap.c
@@ -65,9 +65,9 @@ XGetModifierMapping(register Display *dpy)
/*
* Returns:
- * 0 Success
- * 1 Busy - one or more old or new modifiers are down
- * 2 Failed - one or more new modifiers unacceptable
+ * MappingSuccess (0) Success
+ * MappingBusy (1) Busy - one or more old or new modifiers are down
+ * MappingFailed (2) Failed - one or more new modifiers unacceptable
*/
int
XSetModifierMapping(
@@ -80,6 +80,10 @@ XSetModifierMapping(
LockDisplay(dpy);
GetReqExtra(SetModifierMapping, mapSize, req);
+ if (!req) {
+ UnlockDisplay(dpy);
+ return MappingFailed;
+ }
req->numKeyPerModifier = modifier_map->max_keypermod;
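Review bot: The new early return in XSetModifierMapping reuses `MappingFailed`, which the comment updated in the previous hunk still defines only as "one or more new modifiers unacceptable". A caller reading that comment would take the value to mean the mapping itself was refused, not that the request was never built. I would extend the comment line to `MappingFailed (2) Failed - one or more new modifiers unacceptable, or the request could not be built`. The function body continues outside the hunk, so how `mapSize` is derived is not visible here.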
--
1.8.1.2