Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3
x11vnc
x11vnc-fix-buffer-overflow-in-record_CW.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File x11vnc-fix-buffer-overflow-in-record_CW.patch of Package x11vnc
From 06bbe167108faa7b13f61b75191d39fc200bcfa7 Mon Sep 17 00:00:00 2001 From: Michal Srb <michalsrb@gmail.com> Date: Wed, 6 Jul 2016 14:40:19 +0300 Subject: [PATCH] Fix buffer overflow in record_CW. The loop is supposed to read up to four 4-byte values that follow the request, but instead it was reading the whole length of the request (header + payload) from the data following the request. diff --git a/src/xrecord.c b/src/xrecord.c index a657ce8..4bc119c 100644 --- a/x11vnc/xrecord.c +++ b/x11vnc/xrecord.c @@ -961,7 +961,7 @@ if (db > 1) fprintf(stderr, "record_CW-%d\n", k++); data = (char *)req; data += sz_xConfigureWindowReq; - for (i=0; i<req->length; i++) { + for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) { unsigned int v; /* * We use unsigned int for the values. There were
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor