diff options
author | Keith Packard <keithp@keithp.com> | 2014-12-09 09:30:59 -0800 |
---|---|---|
committer | Julien Cristau <jcristau@debian.org> | 2014-12-09 20:54:12 +0100 |
commit | 8e7c4380a56ab05412f630e9b6e02580cb04a804 (patch) | |
tree | 343d509ff891e4389400a8d9b2c8796418a1dcc0 | |
parent | 1069ca99298bf1e85e001bfde90b00a42afdb5d8 (diff) |
Missing parens in REQUEST_FIXED_SIZE macro [CVE-2014-8092 pt. 5]
The 'n' parameter must be surrounded by parens in both places to
prevent precedence from mis-computing things.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
(cherry picked from commit 9802a0162f738de03585ca3f3b8a8266494f7d45)
Signed-off-by: Julien Cristau <jcristau@debian.org>
-rw-r--r-- | include/dix.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/dix.h b/include/dix.h index 41892863e..c5c86b6b8 100644 --- a/include/dix.h +++ b/include/dix.h @@ -80,7 +80,7 @@ SOFTWARE. #define REQUEST_FIXED_SIZE(req, n)\ if (((sizeof(req) >> 2) > client->req_len) || \ - ((n >> 2) >= client->req_len) || \ + (((n) >> 2) >= client->req_len) || \ ((((uint64_t) sizeof(req) + (n) + 3) >> 2) != (uint64_t) client->req_len)) \ return(BadLength) |