summaryrefslogtreecommitdiff
path: root/autogen.sh
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-03-10 00:16:22 -0800
committerAlan Coopersmith <alan.coopersmith@oracle.com>2013-05-23 08:13:26 -0700
commit81b4df8ac6aa1520c41c3526961014a6f115cc46 (patch)
treefa8a1ec6f07fae926142c872adf14062ddcccc47 /autogen.sh
parentef82512288d8ca36ac0beeb289f158195b0a8cae (diff)
sign extension issue in XListInputDevices() [CVE-2013-1995]
nptr is (signed) char, which can be negative, and will sign extend when added to the int size, which means size can be subtracted from, leading to allocating too small a buffer to hold the data being copied from the X server's reply. v2: check that string size fits inside the data read from the server, so that we don't read out of bounds either Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Diffstat (limited to 'autogen.sh')
0 files changed, 0 insertions, 0 deletions