[xsrc/netbsd-8]: xsrc/external/mit Apply patch, requested by mrg in ticket #1...

To: source-changes-hg%NetBSD.org@localhost
Subject: [xsrc/netbsd-8]: xsrc/external/mit Apply patch, requested by mrg in ticket #1...
From: martin <martin%NetBSD.org@localhost>
Date: Tue, 27 Apr 2021 19:24:46 +0000

details:   https://anonhg.NetBSD.org/xsrc/rev/1e90982d1c58
branches:  netbsd-8
changeset: 10711:1e90982d1c58
user:      martin <martin%NetBSD.org@localhost>
date:      Tue Apr 27 19:02:04 2021 +0000

description:
Apply patch, requested by mrg in ticket #1673:

        external/mit/xorg-server/dist/Xi/chgfctl.c      (apply patch)
        external/mit/xorg-server.old/dist/Xi/chgfctl.c  (apply patch)

Fix for CVE-2021-3472 (local privilege escalation).

diffstat:

 external/mit/xorg-server.old/dist/Xi/chgfctl.c |  5 ++++-
 external/mit/xorg-server/dist/Xi/chgfctl.c     |  5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diffs (32 lines):

diff -r b6777acef6de -r 1e90982d1c58 external/mit/xorg-server.old/dist/Xi/chgfctl.c
--- a/external/mit/xorg-server.old/dist/Xi/chgfctl.c    Wed Feb 17 09:48:36 2021 +0000
+++ b/external/mit/xorg-server.old/dist/Xi/chgfctl.c    Tue Apr 27 19:02:04 2021 +0000
@@ -468,8 +468,11 @@
     case StringFeedbackClass:
     {
        char n;
-       xStringFeedbackCtl *f = ((xStringFeedbackCtl *) & stuff[1]);
+        xStringFeedbackCtl *f;
 
+        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+                                    sizeof(xStringFeedbackCtl));
+        f = ((xStringFeedbackCtl *) &stuff[1]);
        if (client->swapped) {
             if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
                 return BadLength;
diff -r b6777acef6de -r 1e90982d1c58 external/mit/xorg-server/dist/Xi/chgfctl.c
--- a/external/mit/xorg-server/dist/Xi/chgfctl.c        Wed Feb 17 09:48:36 2021 +0000
+++ b/external/mit/xorg-server/dist/Xi/chgfctl.c        Tue Apr 27 19:02:04 2021 +0000
@@ -464,8 +464,11 @@
         break;
     case StringFeedbackClass:
     {
-        xStringFeedbackCtl *f = ((xStringFeedbackCtl *) &stuff[1]);
+        xStringFeedbackCtl *f;
 
+        REQUEST_AT_LEAST_EXTRA_SIZE(xChangeFeedbackControlReq,
+                                    sizeof(xStringFeedbackCtl));
+        f = ((xStringFeedbackCtl *) &stuff[1]);
         if (client->swapped) {
             if (len < bytes_to_int32(sizeof(xStringFeedbackCtl)))
                 return BadLength;

Prev by Date: [src/trunk]: src/usr.bin/make make: use consistent variable names, types and ...
Next by Date: [src/netbsd-8]: src/doc Ticket #1673
Previous by Thread: [src/trunk]: src/usr.bin/make make: use consistent variable names, types and ...
Next by Thread: [src/netbsd-8]: src/doc Ticket #1673
Indexes:

Home | Main Index | Thread Index | Old Index