openSUSE:Leap:15.2:Rings:1-MinimalX
File u_out-of-boundary-write-in-XListExtensions.patch of Package libX11
From 7ca52a28d0423642b6640b15fb150cac3eef7177 Mon Sep 17 00:00:00 2001 From: Stefan Dirsch <sndirsch@suse.de> Date: Mon, 23 Jul 2018 14:30:54 +0200 Subject: [PATCH] out of boundary write in XListExtensions References: bsc#1102068 CVE-2018-14600 The length value is interpreted as signed char on many systems (depending on default signedness of char), which can lead to an out of boundary write up to 128 bytes in front of the allocated storage, but limited to NUL byte(s). Casting the length value to unsigned char fixes the problem and allows string values with up to 255 characters. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> --- src/ListExt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ListExt.c b/src/ListExt.c index 8f344ac0..6537c4dc 100644 --- a/src/ListExt.c +++ b/src/ListExt.c @@ -75,12 +75,12 @@ char **XListExtensions( * unpack into null terminated strings. */ chend = ch + rlen; - length = *ch; + length = (unsigned char) *ch; for (i = 0; i < rep.nExtensions; i++) { if (ch + length < chend) { list[i] = ch+1; /* skip over length */ ch += length + 1; /* find next length ... */ - length = *ch; + length = (unsigned char) *ch; *ch = '\0'; /* and replace with null-termination */ count++; } else -- 2.16.4
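Review bot: In the loop body of the `src/ListExt.c` hunk, the guard `ch + length < chend` only guarantees `ch <= chend` after `ch += length + 1`, so the following `length = (unsigned char) *ch;` and `*ch = '\0';` can touch the byte at `chend` itself. The cast removes the negative-length case described in the commit message, but this access is only in bounds if the reply buffer was allocated with at least one byte beyond `rlen`. That allocation is outside the visible context, so it should be confirmed and noted in a comment next to `chend = ch + rlen;`. The declaration of `length` is also not visible: check that it is an `int` or wider type so that values up to 255 survive the assignment. Since the cast now appears twice, reading the length byte through an `unsigned char *` in one place would make the intent harder to lose in later edits.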