fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2025-12-24 16:00:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix XChangeFeedbackControl() request underflow

Browse source 
CVE-2021-3472 / ZDI-CAN-1259

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
This commit is contained in:
Matthieu Herrb 2021-03-21 18:38:57 +01:00 committed by Matthieu Herrb
parent 8890c44a75
commit a1a1aa2c14
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
Xi/chgfctl.c
View file

@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
break; break;
case StringFeedbackClass: case StringFeedbackClass:
{ {
xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]); xStringFeedbackCtl *f;
REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
sizeof(xStringFeedbackCtl));
f = ((xStringFeedbackCtl *) &stuff[1]);
if (client->swapped) { if (client->swapped) {
if (len < bytes_to_int32(sizeof(xStringFeedbackCtl))) if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
return BadLength; return BadLength;