Date: Thu, 09 Apr 2015 13:10:21 +0200 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com, marc.deslauriers@...onical.com CC: cve-assign@...re.org Subject: Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro On 04/09/2015 09:09 AM, cve-assign@...re.org wrote: >> The MakeBigReq macro in libX11 contained a 4-byte buffer overflow: > >> https://bugs.freedesktop.org/show_bug.cgi?id=56508 > >> Fixed by the following commit in libX11 188.8.131.521: > >> http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d > > (for the "#ifdef LONG64") >> - memmove(((char *)req) + 8, ((char *)req) + 4, _BRlen << 2); \ >> + memmove(((char *)req) + 8, ((char *)req) + 4, (_BRlen - 1) << 2); \ > > (for the "else") >> - memmove(((char *)req) + 8, ((char *)req) + 4, _BRlen << 2); \ >> + memmove(((char *)req) + 8, ((char *)req) + 4, (_BRlen - 1) << 2); \ > > Use CVE-2013-7439. Does this assignment cover application code which has to be recompiled because it included an expansion of broken macro? (The question is hypothetical. I could find copies of the header file, but not actual users of the macro.) -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ