Date: Thu, 09 Apr 2015 13:10:21 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com, marc.deslauriers@...onical.com
CC: cve-assign@...re.org
Subject: Re: Re: CVE Request: libX11: buffer overflow in MakeBigReq macro

On 04/09/2015 09:09 AM, cve-assign@...re.org wrote:
>> The MakeBigReq macro in libX11 contained a 4-byte buffer overflow:
> 
>> https://bugs.freedesktop.org/show_bug.cgi?id=56508
> 
>> Fixed by the following commit in libX11 1.5.99.901:
> 
>> http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d
> 
> (for the "#ifdef LONG64")
>> - memmove(((char *)req) + 8, ((char *)req) + 4, _BRlen << 2); \
>> + memmove(((char *)req) + 8, ((char *)req) + 4, (_BRlen - 1) << 2); \
> 
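
Review bot: the new count `(_BRlen - 1) << 2` in the LONG64 branch relies on `_BRlen` being at least 1, and nothing in the quoted lines shows that guarantee. If `_BRlen` could be 0 and is unsigned, the subtraction would wrap and the memmove length would become very large instead of 4 bytes too long. Suggest documenting or asserting the lower bound on `_BRlen` next to this line, with a short comment on why the count is one word less than `_BRlen`.
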
> (for the "else")
>> - memmove(((char *)req) + 8, ((char *)req) + 4, _BRlen << 2); \
>> + memmove(((char *)req) + 8, ((char *)req) + 4, (_BRlen - 1) << 2); \
> 
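
Review bot: the memmove line in the else branch is identical to the one in the LONG64 branch, both before and after the change, so the same length error had to be corrected in two places. Suggest moving the shared memmove out of the conditional, or into one helper, so the length expression `(_BRlen - 1) << 2` exists only once and the two branches cannot drift apart.
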
> Use CVE-2013-7439.

Does this assignment cover application code which has to be recompiled
because it included an expansion of the broken macro?

(The question is hypothetical.  I could find copies of the header file,
but not actual users of the macro.)

-- 
Florian Weimer / Red Hat Product Security
