summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
diff options
context:
space:
mode:
Diffstat (limited to 'poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch')
-rw-r--r--poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
new file mode 100644
index 0000000000..4994a21d33
--- /dev/null
+++ b/poky/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2020-14346.patch
@@ -0,0 +1,36 @@
+From c940cc8b6c0a2983c1ec974f1b3f019795dd4cff Mon Sep 17 00:00:00 2001
+From: Matthieu Herrb <matthieu@herrb.eu>
+Date: Tue, 18 Aug 2020 14:49:04 +0200
+Subject: [PATCH] Fix XIChangeHierarchy() integer underflow
+
+CVE-2020-14346 / ZDI-CAN-11429
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
+
+Upstream-Status: Backport
+[https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff]
+CVE: CVE-2020-14346
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ Xi/xichangehierarchy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
+index cbdd91258..504defe56 100644
+--- a/Xi/xichangehierarchy.c
++++ b/Xi/xichangehierarchy.c
+@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
+ if (!stuff->num_changes)
+ return rc;
+
+- len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
++ len = ((size_t)client->req_len << 2) - sizeof(xXIChangeHierarchyReq);
+
+ any = (xXIAnyHierarchyChangeInfo *) &stuff[1];
+ while (stuff->num_changes--) {
+--
+2.17.1
+
generated by cgit v1.2.3 (git 2.39.0) at 2024-08-02 19:12:23 +0300