diff options
Diffstat (limited to 'meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch')
-rw-r--r-- | meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch deleted file mode 100644 index 2103e9c198..0000000000 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001 -From: Matthieu Herrb <matthieu@herrb.eu> -Date: Tue, 18 Aug 2020 14:55:01 +0200 -Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow - -CVE-2020-14362 ZDI-CAN-11574 - -This vulnerability was discovered by: -Jan-Niklas Sohn working with Trend Micro Zero Day Initiative - -Signed-off-by: Matthieu Herrb <matthieu@herrb.eu> - -Upstream-Status: Backport -[https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc] -CVE: CVE-2020-14362 -Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> ---- - record/record.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/record/record.c b/record/record.c -index f2d38c877..be154525d 100644 ---- a/record/record.c -+++ b/record/record.c -@@ -2500,7 +2500,7 @@ SProcRecordQueryVersion(ClientPtr client) - } /* SProcRecordQueryVersion */ - - static int _X_COLD --SwapCreateRegister(xRecordRegisterClientsReq * stuff) -+SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff) - { - int i; - XID *pClientID; -@@ -2510,13 +2510,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff) - swapl(&stuff->nRanges); - pClientID = (XID *) &stuff[1]; - if (stuff->nClients > -- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)) -+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)) - return BadLength; - for (i = 0; i < stuff->nClients; i++, pClientID++) { - swapl(pClientID); - } - if (stuff->nRanges > -- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq) -+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq) - - stuff->nClients) - return BadLength; - RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges); -@@ -2531,7 +2531,7 @@ SProcRecordCreateContext(ClientPtr client) - - swaps(&stuff->length); - REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq); -- if ((status = SwapCreateRegister((void *) stuff)) != Success) -+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) - return status; - return ProcRecordCreateContext(client); - } /* SProcRecordCreateContext */ -@@ -2544,7 +2544,7 @@ SProcRecordRegisterClients(ClientPtr client) - - swaps(&stuff->length); - REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq); -- if ((status = SwapCreateRegister((void *) stuff)) != Success) -+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success) - return status; - return ProcRecordRegisterClients(client); - } /* SProcRecordRegisterClients */ --- -2.17.1 - |