pulseaudio: fix dependencies for openssl-3
[oi-userland.git] / components / x11 / xorg-server / patches / CVE-2021-3472.patch
bloba97743a121dfcd1be01462e50c383dff0413fb51
1 From 7aaf54a1884f71dc363f0b884e57bcb67407a6cd Mon Sep 17 00:00:00 2001
2 From: Matthieu Herrb <matthieu@herrb.eu>
3 Date: Sun, 21 Mar 2021 18:38:57 +0100
4 Subject: [PATCH] Fix XChangeFeedbackControl() request underflow
6 CVE-2021-3472 / ZDI-CAN-1259
8 This vulnerability was discovered by:
9 Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
11 Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
12 ---
13 Xi/chgfctl.c | 5 ++++-
14 1 file changed, 4 insertions(+), 1 deletion(-)
16 diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c
17 index 1de4da9ef..7a597e43d 100644
18 --- a/Xi/chgfctl.c
19 +++ b/Xi/chgfctl.c
20 @@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
21 break;
22 case StringFeedbackClass:
24 - xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
25 + xStringFeedbackCtl *f;
27 + REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
28 + sizeof(xStringFeedbackCtl));
29 + f = ((xStringFeedbackCtl *) &stuff[1]);
30 if (client->swapped) {
31 if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
32 return BadLength;
33 --
34 GitLab