Module Name:    xsrc
Committed By:   martin
Date:           Tue Apr 27 10:41:36 UTC 2021

Modified Files:
        xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-9]: chgfctl.c

Log Message:
Apply patch, requested by mrg in ticket #1257:

        external/mit/xorg-server/dist/Xi/chgfctl.c      (apply patch)
        external/mit/xorg-server.old/dist/Xi/chgfctl.c  (apply patch)

Fix for CVE-2021-3472 (local privilege escalation).


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.4.1 \
    xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c
diff -u xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1.4.1
--- xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c	Tue Apr 27 10:41:36 2021
@@ -468,8 +468,11 @@ ProcXChangeFeedbackControl(ClientPtr cli
     case StringFeedbackClass:
     {
 	char n;
-	xStringFeedbackCtl *f = ((xStringFeedbackCtl *) & stuff[1]);
+        xStringFeedbackCtl *f;
 
+        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+                                    sizeof(xStringFeedbackCtl));
+        f = ((xStringFeedbackCtl *) &stuff[1]);
 	if (client->swapped) {
             if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
                 return BadLength;
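Review bot: the `len < bytes_to_int32(sizeof(xStringFeedbackCtl))` test kept inside `if (client->swapped)` now looks redundant with the unconditional `REQUEST_AT_LEAST_EXTRA_SIZE(...)` added just above it, and nothing in the hunk says why both remain. Before this change, `f` was pointed at `&stuff[1]` with the only visible length check sitting in the swapped branch, so the non-swapped path had no such guard at this point. The new macro closes that for both paths. Either drop the inner test or add a one-line comment stating that the macro is the authoritative bound and the inner test is retained deliberately. Note also that the macro only guarantees `sizeof(xStringFeedbackCtl)` bytes, the fixed part of the structure. Any trailing data sized by a field of `f` needs its own check against `len`, which is outside the lines shown here and worth confirming in the full file. Minor style point: the added lines are indented with spaces while the neighbouring `char n;` and `if (client->swapped)` lines use tabs.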
