frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

record: Fix out of bounds access in SwapCreateRegister() 

ZDI-CAN-14952, CVE-2021-4011

This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit e56f61c79f)
This commit is contained in:
Povilas Kanapickas 2021-12-15 10:41:18 +02:00
parent a39218d99c
commit a82d523edb
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
record/record.c
View File

@ -2516,8 +2516,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
swapl(pClientID);
}
if (stuff->nRanges >
client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
- stuff->nClients)
(client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
- stuff->nClients) / bytes_to_int32(sz_xRecordRange))
return BadLength;
RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
return Success;