Projects
openEuler:20.03:LTS:SP3
xorg-x11-server
_service:tar_scm_kernel_repo:CVE-2020-14346.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:CVE-2020-14346.patch of Package xorg-x11-server
From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001 From: Matthieu Herrb <matthieu@herrb.eu> Date: Tue, 18 Aug 2020 14:49:04 +0200 Subject: [PATCH] Fix XIChangeHierarchy() integer underflow CVE-2020-14346 / ZDI-CAN-11429 reference:https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> --- Xi/xichangehierarchy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c index cbdd912..504defe 100644 --- a/Xi/xichangehierarchy.c +++ b/Xi/xichangehierarchy.c @@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client) if (!stuff->num_changes) return rc; - len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq); + len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq); any = (xXIAnyHierarchyChangeInfo *) &stuff[1]; while (stuff->num_changes--) { -- 2.27.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.