summaryrefslogtreecommitdiff
path: root/include/X11
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-04-12 23:36:13 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2013-05-07 18:47:25 -0700
commit3ec2db9eeb9ba8fb561802b0c4b8bf79e321b7a2 (patch)
treea7207ff5271ee2d0810fa183a798c554ada7d606 /include/X11
parent95b352b0f4a1ab1bc254e78adbc73cd65223ded4 (diff)
integer overflow in XResQueryClients() [CVE-2013-1988 1/2]
The CARD32 rep.num_clients needs to be bounds checked before multiplying by sizeof(XResClient) to avoid integer overflow leading to underallocation and writing data from the network past the end of the allocated buffer. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'include/X11')
0 files changed, 0 insertions, 0 deletions