Commit a1a1aa2c authored by Matthieu Herrb's avatar Matthieu Herrb Committed by Matthieu Herrb
Browse files

Fix XChangeFeedbackControl() request underflow



CVE-2021-3472 / ZDI-CAN-1259

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb's avatarMatthieu Herrb <matthieu@herrb.eu>
parent 8890c44a
Pipeline #300554 passed with stages
in 4 minutes and 25 seconds
......@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr client)
break;
case StringFeedbackClass:
{
xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
xStringFeedbackCtl *f;
REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
sizeof(xStringFeedbackCtl));
f = ((xStringFeedbackCtl *) &stuff[1]);
if (client->swapped) {
if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
return BadLength;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment