xkb: proof GetCountedString against request length attacks (11beef0b) · Commits · xorg / xserver · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

Commit 11beef0b authored Jul 05, 2022 by Peter Hutterer

xkb: proof GetCountedString against request length attacks

GetCountedString did a check for the whole string to be within the
request buffer but not for the initial 2 bytes that contain the length
field. A swapped client could send a malformed request to trigger a
swaps() on those bytes, writing into random memory.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>

parent 1bb7767f

Pipeline #644843 passed with stages

in 2 minutes and 15 seconds

Hide whitespace changes

Inline Side-by-side

Olivier Fourdan 🛠 @ofourdan
mentioned in merge request !974 (merged)
· Sep 13, 2022

mentioned in merge request !974 (merged)

mentioned in merge request !974

Toggle commit list

Please register or to comment