Overview

File U_0005-Xi-fix-wrong-extra-length-check-in-ProcXIChangeHiera.patch of Package xorg-x11-server.15942

From 859b08d523307eebde7724fd1a0789c44813e821 Mon Sep 17 00:00:00 2001
From: Nathan Kidd <nkidd@opentext.com>
Date: Wed, 24 Dec 2014 16:22:18 -0500
Subject: [PATCH 5/7] Xi: fix wrong extra length check in ProcXIChangeHierarchy
 (CVE-2017-12178)

Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
---
 Xi/xichangehierarchy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
index 87f191ffa..cbdd91258 100644
--- a/Xi/xichangehierarchy.c
+++ b/Xi/xichangehierarchy.c
@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
     if (!stuff->num_changes)
         return rc;
 
-    len = ((size_t)stuff->length << 2) - sizeof(xXIAnyHierarchyChangeInfo);
+    len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
 
     any = (xXIAnyHierarchyChangeInfo *) &stuff[1];
     while (stuff->num_changes--) {
-- 
2.13.6
openSUSE Build Service is sponsored by
Places