fdo-mirrors/xserver
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/xorg/xserver.git synced 2026-01-07 17:10:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

xkb: length-check XkbListComponents before accessing the fields

Browse source 
Each string length field was accessed before checking whether that byte
was actually part of the client request. No real harm here since it
would immediately fail with BadLength anyway, but let's be correct here.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
(cherry picked from commit 1bb7767f19)
This commit is contained in:
Peter Hutterer 2022-07-13 11:38:16 +10:00 committed by Olivier Fourdan
parent bd7b4cf64d
commit eed7f2b1c8
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
xkb/xkb.c
View file

@ -5871,6 +5871,8 @@ ProcXkbListComponents(ClientPtr client)
* length wrong. */
str = (unsigned char *) &stuff[1];
for (i = 0; i < 6; i++) {
if (!_XkbCheckRequestBounds(client, stuff, str, str + 1))
return BadLength;
size = *((uint8_t *)str);
len = (str + size + 1) - ((unsigned char *) stuff);
if ((XkbPaddedSize(len) / 4) > stuff->length)