aboutsummaryrefslogtreecommitdiff
path: root/x11-servers/xorg-server/files/patch-CVE-2017-12178
diff options
context:
space:
mode:
Diffstat (limited to 'x11-servers/xorg-server/files/patch-CVE-2017-12178')
-rw-r--r--x11-servers/xorg-server/files/patch-CVE-2017-1217829
1 files changed, 29 insertions, 0 deletions
diff --git a/x11-servers/xorg-server/files/patch-CVE-2017-12178 b/x11-servers/xorg-server/files/patch-CVE-2017-12178
new file mode 100644
index 000000000000..d2b3474f0500
--- /dev/null
+++ b/x11-servers/xorg-server/files/patch-CVE-2017-12178
@@ -0,0 +1,29 @@
+From 6c15122163a2d2615db7e998e8d436815a08dec6 Mon Sep 17 00:00:00 2001
+From: Nathan Kidd <nkidd@opentext.com>
+Date: Wed, 24 Dec 2014 16:22:18 -0500
+Subject: Xi: fix wrong extra length check in ProcXIChangeHierarchy
+ (CVE-2017-12178)
+
+Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
+Reviewed-by: Julien Cristau <jcristau@debian.org>
+Signed-off-by: Nathan Kidd <nkidd@opentext.com>
+Signed-off-by: Julien Cristau <jcristau@debian.org>
+(cherry picked from commit 859b08d523307eebde7724fd1a0789c44813e821)
+
+diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
+index f2b7785..7286eff 100644
+--- Xi/xichangehierarchy.c
++++ Xi/xichangehierarchy.c
+@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
+ if (!stuff->num_changes)
+ return rc;
+
+- len = ((size_t)stuff->length << 2) - sizeof(xXIAnyHierarchyChangeInfo);
++ len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
+
+ any = (xXIAnyHierarchyChangeInfo *) &stuff[1];
+ while (stuff->num_changes--) {
+--
+cgit v0.10.2
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-01 16:28:05 +0000