summaryrefslogtreecommitdiffstats
path: root/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch')
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch70
1 files changed, 0 insertions, 70 deletions
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
deleted file mode 100644
index 2103e9c198..0000000000
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14362.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 2902b78535ecc6821cc027351818b28a5c7fdbdc Mon Sep 17 00:00:00 2001
-From: Matthieu Herrb <matthieu@herrb.eu>
-Date: Tue, 18 Aug 2020 14:55:01 +0200
-Subject: [PATCH] Fix XRecordRegisterClients() Integer underflow
-
-CVE-2020-14362 ZDI-CAN-11574
-
-This vulnerability was discovered by:
-Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
-
-Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
-
-Upstream-Status: Backport
-[https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc]
-CVE: CVE-2020-14362
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
----
- record/record.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/record/record.c b/record/record.c
-index f2d38c877..be154525d 100644
---- a/record/record.c
-+++ b/record/record.c
-@@ -2500,7 +2500,7 @@ SProcRecordQueryVersion(ClientPtr client)
- } /* SProcRecordQueryVersion */
-
- static int _X_COLD
--SwapCreateRegister(xRecordRegisterClientsReq * stuff)
-+SwapCreateRegister(ClientPtr client, xRecordRegisterClientsReq * stuff)
- {
- int i;
- XID *pClientID;
-@@ -2510,13 +2510,13 @@ SwapCreateRegister(xRecordRegisterClientsReq * stuff)
- swapl(&stuff->nRanges);
- pClientID = (XID *) &stuff[1];
- if (stuff->nClients >
-- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq))
-+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq))
- return BadLength;
- for (i = 0; i < stuff->nClients; i++, pClientID++) {
- swapl(pClientID);
- }
- if (stuff->nRanges >
-- stuff->length - bytes_to_int32(sz_xRecordRegisterClientsReq)
-+ client->req_len - bytes_to_int32(sz_xRecordRegisterClientsReq)
- - stuff->nClients)
- return BadLength;
- RecordSwapRanges((xRecordRange *) pClientID, stuff->nRanges);
-@@ -2531,7 +2531,7 @@ SProcRecordCreateContext(ClientPtr client)
-
- swaps(&stuff->length);
- REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq);
-- if ((status = SwapCreateRegister((void *) stuff)) != Success)
-+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success)
- return status;
- return ProcRecordCreateContext(client);
- } /* SProcRecordCreateContext */
-@@ -2544,7 +2544,7 @@ SProcRecordRegisterClients(ClientPtr client)
-
- swaps(&stuff->length);
- REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq);
-- if ((status = SwapCreateRegister((void *) stuff)) != Success)
-+ if ((status = SwapCreateRegister(client, (void *) stuff)) != Success)
- return status;
- return ProcRecordRegisterClients(client);
- } /* SProcRecordRegisterClients */
---
-2.17.1
-
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-02 12:50:43 +0000