Fix XkbSelectEvents() integer underflow
CVE-2020-14361 ZDI-CAN 11573 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> (cherry picked from commit 90304b3c2018a6b8f4a79de86364d2af15cb9ad8)
This commit is contained in:
parent
eff3f6cdd3
commit
5b384e7678
|
@ -76,7 +76,7 @@ SProcXkbSelectEvents(ClientPtr client)
|
|||
register unsigned bit, ndx, maskLeft, dataLeft, size;
|
||||
|
||||
from.c8 = (CARD8 *) &stuff[1];
|
||||
dataLeft = (stuff->length * 4) - SIZEOF(xkbSelectEventsReq);
|
||||
dataLeft = (client->req_len * 4) - SIZEOF(xkbSelectEventsReq);
|
||||
maskLeft = (stuff->affectWhich & (~XkbMapNotifyMask));
|
||||
for (ndx = 0, bit = 1; (maskLeft != 0); ndx++, bit <<= 1) {
|
||||
if (((bit & maskLeft) == 0) || (ndx == XkbMapNotify))
|
||||
|
|
Loading…
Reference in New Issue