Bugtraq mailing list archives
RE: remote DoS in Mozilla 1.0
From: Jon Keating <jkeating () heuris com>
Date: Thu, 13 Jun 2002 13:42:14 -0500
From what I have received personally from my post, 2 * resolution_height
sounds like a good idea.

Jon
-----Original Message-----
From: Keith Warno [mailto:keith.warno () valaran com]
Sent: Thursday, June 13, 2002 9:48 AM
To: 'Tom'; bugtraq () securityfocus com
Subject: RE: remote DoS in Mozilla 1.0

| -----Original Message-----
| From: Tom [mailto:tom () lemuria org]
| Sent: Monday, June 10, 2002 4:20 AM
| To: bugtraq () securityfocus com
| Subject: remote DoS in Mozilla 1.0
| [...]
|
| Vendor Contact
| ==============
[...]
| also filed with the XFree86 team, no reaction so far
|
|

There is chatter but the same type of question regarding "at what point
[is] a request for a font ... clearly invalid" is being asked.

---------- Forwarded message ----------
Date: Thu, 13 Jun 2002 09:46:56 +0100
From: Juliusz Chroboczek <jec () dcs ed ac uk>
Reply-To: xpert () XFree86 Org
To: xpert () XFree86 Org
Subject: Re: [Xpert]abort() in libXfont 4.2.0 (was FW: remote DoS in Mozilla 1.0)

From: Juliusz Chroboczek <jec () dcs ed ac uk>
Subject: Re: [bugtraq] remote DoS in Mozilla 1.0
To: devel () xfree86 org
Date: 12 Jun 2002 08:51:49 +0100

MH> Interesting problem reported on bugtraq:
MH> <http://online.securityfocus.com/archive/1/276120>

I see. Two bugs here.

One is the dodgy error-handling in the Type 1 backend, which gives up
by calling abort() (see the very end of curves.c). I agree that this
is a bug; however, as I'm hoping to phase out the current Type 1
backend in favour of one based on FreeType 2 in time for 4.3.0, I do
not intend to fix it.

The other problem is that we do not fail a priori requests for very
large fonts. I do agree that this should be done, and I think it
should be done at the common layer (above the font backends); could
anyone suggest at what point a request for a font is clearly invalid?

Juliusz
_______________________________________________
Xpert mailing list
Xpert () XFree86 Org
http://XFree86.Org/mailman/listinfo/xpert
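The a priori check discussed in this thread, sketched as an added example that is not code from XFree86, libXfont or any poster: a request is refused before it reaches a font backend when its size exceeds 2 * resolution_height. It assumes requests arrive as XLFD names, that resolution_height means the screen height in pixels, and a 75 dpi default; the function and enum names are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

enum font_req { FONT_REQ_OK, FONT_REQ_TOO_LARGE, FONT_REQ_UNPARSED };
#define ASSUMED_DEFAULT_DPI 75   /* assumption: used when RESOLUTION_Y is 0 or "*" */

/* Return a pointer to the n-th (1-based) '-'-separated XLFD field, or NULL. */
static const char *xlfd_field(const char *name, int n)
{
    const char *p = (name && *name == '-') ? name : NULL;
    while (p && n-- > 0) {
        p = strchr(p, '-');
        if (p)
            p++;
    }
    return p;
}

/* Decimal field value; 0 for "*"; -1 for a missing, empty or matrix "[...]"
 * field. strtol() saturates at LONG_MAX, which then fails the limit check. */
static long field_value(const char *f)
{
    char *end;
    long v;
    if (f && f[0] == '*' && (f[1] == '-' || f[1] == '\0'))
        return 0;
    if (!f || !isdigit((unsigned char)*f))
        return -1;
    v = strtol(f, &end, 10);
    return (*end == '-' || *end == '\0') ? v : -1;
}

/* Refuse a request whose pixel size, given directly or derived from the
 * point size, exceeds 2 * screen height. Aliases and matrices: UNPARSED. */
enum font_req check_font_request(const char *xlfd, long screen_height_px)
{
    long limit = 2 * screen_height_px;
    long px  = field_value(xlfd_field(xlfd, 7));   /* PIXEL_SIZE */
    long dpt = field_value(xlfd_field(xlfd, 8));   /* POINT_SIZE, decipoints */
    long ry  = field_value(xlfd_field(xlfd, 10));  /* RESOLUTION_Y, dpi */
    if (px < 0 || dpt < 0 || ry < 0 || screen_height_px <= 0)
        return FONT_REQ_UNPARSED;
    if (ry == 0)
        ry = ASSUMED_DEFAULT_DPI;
    /* pixels = decipoints * dpi / 722.7; doubles avoid integer overflow */
    if (px > limit || (double)dpt * (double)ry / 722.7 > (double)limit)
        return FONT_REQ_TOO_LARGE;
    return FONT_REQ_OK;
}
```

FONT_REQ_UNPARSED covers aliases and matrix-form sizes, which this sketch leaves to the caller's policy rather than passing through silently.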