components/x11/xorg-server/patches/CVE-2021-3472.patch

   1 From 7aaf54a1884f71dc363f0b884e57bcb67407a6cd Mon Sep 17 00:00:00 2001
   2 From: Matthieu Herrb <matthieu@herrb.eu>
   3 Date: Sun, 21 Mar 2021 18:38:57 +0100
   4 Subject: [PATCH] Fix XChangeFeedbackControl() request underflow
   5
   6 CVE-2021-3472 / ZDI-CAN-1259
   7
   8 This vulnerability was discovered by:
   9 Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
  10
  11 Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
  12 ---
  13  Xi/chgfctl.c | 5 ++++-
  14  1 file changed, 4 insertions(+), 1 deletion(-)
  15
  16 diff --git a/Xi/chgfctl.c b/Xi/chgfctl.c
  17 index 1de4da9ef..7a597e43d 100644
  18 --- a/Xi/chgfctl.c
  19 +++ b/Xi/chgfctl.c
  20 @@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
  21          break;
  22      case StringFeedbackClass:
  23      {
  24 -        xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
  25 +        xStringFeedbackCtl *f;
  26
  27 +        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
  28 +                                    sizeof(xStringFeedbackCtl));
  29 +        f = ((xStringFeedbackCtl *) &stuff[1]);
  30          if (client->swapped) {
  31              if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
  32                  return BadLength;
  33 --
  34 GitLab
  35