Bugtraq mailing list archives

libX11/libXt buffer overflows and R6.3 fix-02


From: qralston+ () PITT EDU (James Crawford Ralston)
Date: Thu, 24 Jul 1997 13:44:35 -0400


Has anyone [else] taken a good, hard look at XC's fix-02 to see if it
fixes the buffer overflows which were found?  In particular, I compared
fix-02 against the patch Alex Belits posted to the list on May 29.  I
*think* the XC caught all of the buffer overflows in some way or
another, but as far as I can tell, they didn't take care of the "NULL
pointer + small offset dereference which caused most of programs to dump
core on startup if opening display failed" (Alex's words).

At any rate, I'm building R6.3 public-patch-2 now; when I get the build
installed somewhere, I'll see if I can break it.

Alex's message (including the patch) is easily located in the BUGTRAQ
archive at <URL:http://www.netspace.org/lsv-archive/bugtraq.html>, so I
won't include it here.

--
James Crawford Ralston \ qralston+ () pitt edu \ Systems and Networks [CIS]
University of Pittsburgh \ 600 Epsilon Drive \ Pittsburgh PA 15238-2887
"Computer, you and I need to have a little talk."  - O'Brien, ST:DS9


