Fix XkbSelectEvents() integer underflow
CVE-2020-14361 ZDI-CAN 11573 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
This commit is contained in:
parent
c940cc8b6c
commit
144849ea27
|
@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client)
|
|||
register unsigned bit, ndx, maskLeft, dataLeft, size;
|
||||
|
||||
from.c8 = (CARD8 *) &stuff[1];
|
||||
dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq);
|
||||
dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq);
|
||||
maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask));
|
||||
for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) {
|
||||
if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify))
|
||||
|
|
Loading…
Reference in New Issue