fdo-mirrors/xorg-libx11
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/lib/libx11.git synced 2026-05-07 05:08:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

unvalidated indexes in _XkbReadGetGeometryReply() [CVE-2013-1997 4/15]

Browse source 
If the X server returns color indexes outside the range of the number of
colors it told us to allocate, out of bounds memory access could occur.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
This commit is contained in:
Alan Coopersmith 2013-03-02 09:18:26 -08:00
parent bff938b9fe
commit 59ae16a00d
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/xkb/XKBGeom.c
View file

@ -619,6 +619,9 @@ XkbGeometryPtr geom;
if (status==Success)
status= _XkbReadGeomKeyAliases(&buf,geom,rep);
left= _XkbFreeReadBuffer(&buf);
if ((rep->baseColorNdx > geom->num_colors) ||
(rep->labelColorNdx > geom->num_colors))
status = BadLength;
if ((status!=Success) || left || buf.error) {
if (status==Success)
status= BadLength;