integer overflow in XResQueryClients() [CVE-2013-1988 1/2]

The CARD32 rep.num_clients needs to be bounds checked before multiplying
by sizeof(XResClient) to avoid integer overflow leading to underallocation
and writing data from the network past the end of the allocated buffer.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

0 files changed, 0 insertions, 0 deletions