fdo-mirrors/xorg-libx11
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/lib/libx11.git synced 2026-05-07 05:08:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

unvalidated index in _XkbReadModifierMap() [CVE-2013-1997 8/15]

Browse source 
If the X server returns modifier map indexes outside the range of the number
of keys it told us to allocate, out of bounds memory writes could occur.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
This commit is contained in:
Alan Coopersmith 2013-03-02 10:51:51 -08:00
parent 06c086e8a1
commit e56a2ada71
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/xkb/XKBGetMap.c
View file

@ -390,6 +390,9 @@ register int i;
unsigned char *wire;
if ( rep->totalModMapKeys>0 ) {
if ( ((int)rep->firstModMapKey + rep->nModMapKeys) >
(xkb->max_key_code + 1))
return BadLength;
if ((xkb->map->modmap==NULL)&&
(XkbAllocClientMap(xkb,XkbModifierMapMask,0)!=Success)) {
return BadAlloc;
@ -402,6 +405,8 @@ unsigned char *wire;
if (!wire)
return BadLength;
for (i=0;i<rep->totalModMapKeys;i++,wire+=2) {
if (wire[0] > xkb->max_key_code || wire[1] > xkb->max_key_code)
return BadLength;
xkb->map->modmap[wire[0]]= wire[1];
}
}