summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNathan Kidd <nkidd@opentext.com>2014-12-24 16:22:18 -0500
committerAdam Jackson <ajax@redhat.com>2017-10-12 12:25:31 -0400
commit6c15122163a2d2615db7e998e8d436815a08dec6 (patch)
tree0bcfa4f82b73dc1a1e556e074999518b5e78fefd
parentc77cd08efcf386bcc5d8dfbd0427134b2b2d0888 (diff)
Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com> Reviewed-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Nathan Kidd <nkidd@opentext.com> Signed-off-by: Julien Cristau <jcristau@debian.org> (cherry picked from commit 859b08d523307eebde7724fd1a0789c44813e821)
-rw-r--r--Xi/xichangehierarchy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c
index f2b7785ad..7286eff55 100644
--- a/Xi/xichangehierarchy.c
+++ b/Xi/xichangehierarchy.c
@@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client)
if (!stuff->num_changes)
return rc;
- len = ((size_t)stuff->length << 2) - sizeof(xXIAnyHierarchyChangeInfo);
+ len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq);
any = (xXIAnyHierarchyChangeInfo *) &stuff[1];
while (stuff->num_changes--) {