diff options
author | Povilas Kanapickas <povilas@radix.lt> | 2021-12-14 15:00:02 +0200 |
---|---|---|
committer | Olivier Fourdan <ofourdan@redhat.com> | 2021-12-14 14:51:49 +0100 |
commit | fe0c050276c09f43cc1ae80b4553db42398ca84c (patch) | |
tree | 1436da7126a2317c6f200e46a24fc7685e2a5780 | |
parent | 3eb5445f6f7fa9f86de87adc768105d42bdbcf74 (diff) | |
download | xserver-fe0c050276c09f43cc1ae80b4553db42398ca84c.tar.gz |
Xext: Fix out of bounds access in SProcScreenSaverSuspend()
ZDI-CAN-14951, CVE-2021-4010
This vulnerability was discovered and the fix was suggested by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
(cherry picked from commit 6c4c53010772e3cb4cb8acd54950c8eec9c00d21)
-rw-r--r-- | Xext/saver.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Xext/saver.c b/Xext/saver.c index 1d7e3cadf..f813ba08d 100644 --- a/Xext/saver.c +++ b/Xext/saver.c @@ -1351,8 +1351,8 @@ SProcScreenSaverSuspend(ClientPtr client) REQUEST(xScreenSaverSuspendReq); swaps(&stuff->length); - swapl(&stuff->suspend); REQUEST_SIZE_MATCH(xScreenSaverSuspendReq); + swapl(&stuff->suspend); return ProcScreenSaverSuspend(client); } |