Module Name: xsrc Committed By: martin Date: Tue Apr 27 10:41:36 UTC 2021
Modified Files: xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-9]: chgfctl.c Log Message: Apply patch, requested by mrg in ticket #1257: external/mit/xorg-server/dist/Xi/chgfctl.c (apply patch) external/mit/xorg-server.old/dist/Xi/chgfctl.c (apply patch) Fix for CVE-2021-3472 (local privilege escalation). To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.1.1.1.4.1 \ xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c diff -u xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1.4.1 --- xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c:1.1.1.1 Thu Jun 9 09:07:56 2016 +++ xsrc/external/mit/xorg-server.old/dist/Xi/chgfctl.c Tue Apr 27 10:41:36 2021 @@ -468,8 +468,11 @@ ProcXChangeFeedbackControl(ClientPtr cli case StringFeedbackClass: { char n; - xStringFeedbackCtl *f = ((xStringFeedbackCtl *) & stuff[1]); + xStringFeedbackCtl *f; + REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq, + sizeof(xStringFeedbackCtl)); + f = ((xStringFeedbackCtl *) &stuff[1]); if (client->swapped) { if (len < bytes_to_int32(sizeof(xStringFeedbackCtl))) return BadLength;