Module Name: xsrc Committed By: martin Date: Tue Apr 27 19:02:05 UTC 2021
Modified Files: xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-8]: chgfctl.c xsrc/external/mit/xorg-server/dist/Xi [netbsd-8]: chgfctl.c Log Message: Apply patch, requested by mrg in ticket #1673: external/mit/xorg-server/dist/Xi/chgfctl.c (apply patch) external/mit/xorg-server.old/dist/Xi/chgfctl.c (apply patch) Fix for CVE-2021-3472 (local privilege escalation). To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.2.1 \ xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c cvs rdiff -u -r1.3 -r1.3.2.1 xsrc/external/mit/xorg-server/dist/Xi/chgfctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:

Index: xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c
diff -u xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1.2.1
--- xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1 Thu Jun 9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c Tue Apr 27 19:02:04 2021
@@ -468,8 +468,11 @@ ProcXChangeFeedbackControl(ClientPtr cli
 case StringFeedbackClass:
 {
 char n;
- xStringFeedbackCtl *f = ((xStringFeedbackCtl *) & stuff[1]);
+ xStringFeedbackCtl *f;
+ REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+ sizeof(xStringFeedbackCtl));
+ f = ((xStringFeedbackCtl *) &stuff[1]);
 if (client->swapped) {
 if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
 return BadLength;
Index: xsrc/external/mit/xorg-server/dist/Xi/chgfctl.c
diff -u xsrc/external/mit/xorg-server/dist/Xi/chgfctl.c:1.3 xsrc/external/mit/xorg-server/dist/Xi/chgfctl.c:1.3.2.1
--- xsrc/external/mit/xorg-server/dist/Xi/chgfctl.c:1.3 Thu Aug 11 00:04:26 2016
+++ xsrc/external/mit/xorg-server/dist/Xi/chgfctl.c Tue Apr 27 19:02:05 2021
@@ -464,8 +464,11 @@ ProcXChangeFeedbackControl(ClientPtr cli
 break;
 case StringFeedbackClass:
 {
- xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
+ xStringFeedbackCtl *f;
+ REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+ sizeof(xStringFeedbackCtl));
+ f = ((xStringFeedbackCtl *) &stuff[1]);
 if (client->swapped) {
 if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
 return BadLength;
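Review bot: The length test left inside `if (client->swapped)` (`if (len < bytes_to_int32(sizeof(xStringFeedbackCtl))) return BadLength;`) now runs only after `REQUEST_AT_LEAST_EXTRA_SIZE` has already been applied to both byte orders, so it appears to be redundant, and nothing in the case records why the guard has to sit outside the swapped branch. I would add a comment above the macro, for example `/* Validate the request length for swapped and native clients alike before f is read (CVE-2021-3472). */`, so a later cleanup does not fold the check back into the swapped path. The same applies to the second hunk, in xorg-server/dist/Xi/chgfctl.c. The other feedback classes of this switch lie outside both hunks, so whether any of them still relies on a swapped-only length check cannot be told from here and is worth confirming. The StringFeedbackClass case itself continues past the end of each hunk.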