diff options
author | Nathan Kidd <nkidd@opentext.com> | 2014-12-24 16:22:18 -0500 |
---|---|---|
committer | Julien Cristau <jcristau@debian.org> | 2017-10-10 23:33:44 +0200 |
commit | 859b08d523307eebde7724fd1a0789c44813e821 (patch) | |
tree | 87fab210322f596cef1635760c18cfbb8de44ebb | |
parent | d088e3c1286b548a58e62afdc70bb40981cdb9e8 (diff) |
Xi: fix wrong extra length check in ProcXIChangeHierarchy (CVE-2017-12178)
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
-rw-r--r-- | Xi/xichangehierarchy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Xi/xichangehierarchy.c b/Xi/xichangehierarchy.c index 87f191ffa..cbdd91258 100644 --- a/Xi/xichangehierarchy.c +++ b/Xi/xichangehierarchy.c @@ -423,7 +423,7 @@ ProcXIChangeHierarchy(ClientPtr client) if (!stuff->num_changes) return rc; - len = ((size_t)stuff->length << 2) - sizeof(xXIAnyHierarchyChangeInfo); + len = ((size_t)stuff->length << 2) - sizeof(xXIChangeHierarchyReq); any = (xXIAnyHierarchyChangeInfo *) &stuff[1]; while (stuff->num_changes--) { |