frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

record: Fix out of bounds access in SwapCreateRegister() 

ZDI-CAN-14952, CVE-2021-4011

This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
This commit is contained in:
Povilas Kanapickas 2021-12-14 15:00:00 +02:00
parent 4de9666b6d
commit e56f61c79f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
record/record.c
View File

@ -2516,8 +2516,8 @@ SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
swapl(pClientID); swapl(pClientID);
} }
if (stuff->nRanges > if (stuff->nRanges >
client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) (client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
- stuff->nClients) - stuff->nClients) / bytes_to_int32(sz_xRecordRange))
return BadLength; return BadLength;
RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
return Success; return Success;