Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
xorg-x11-server
U_xkbsetdeviceinfo.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_xkbsetdeviceinfo.patch of Package xorg-x11-server
@@ -, +, @@ overflows --- xkb/xkb.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) Index: xorg-server-1.20.3/xkb/xkb.c =================================================================== --- xorg-server-1.20.3.orig/xkb/xkb.c +++ xorg-server-1.20.3/xkb/xkb.c @@ -6524,7 +6524,9 @@ SetDeviceIndicators(char *wire, unsigned changed, int num, int *status_rtrn, - ClientPtr client, xkbExtensionDeviceNotify * ev) + ClientPtr client, + xkbExtensionDeviceNotify * ev, + xkbSetDeviceInfoReq * stuff) { xkbDeviceLedsWireDesc *ledWire; int i; @@ -6545,6 +6547,11 @@ SetDeviceIndicators(char *wire, xkbIndicatorMapWireDesc *mapWire; XkbSrvLedInfoPtr sli; + if (!_XkbCheckRequestBounds(client, stuff, ledWire, ledWire + 1)) { + *status_rtrn = BadLength; + return (char *) ledWire; + } + namec = mapc = statec = 0; sli = XkbFindSrvLedInfo(dev, ledWire->ledClass, ledWire->ledID, XkbXI_IndicatorMapsMask); @@ -6563,6 +6570,10 @@ SetDeviceIndicators(char *wire, memset((char *) sli->names, 0, XkbNumIndicators * sizeof(Atom)); for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { if (ledWire->namesPresent & bit) { + if (!_XkbCheckRequestBounds(client, stuff, atomWire, atomWire + 1)) { + *status_rtrn = BadLength; + return (char *) atomWire; + } sli->names[n] = (Atom) *atomWire; if (sli->names[n] == None) ledWire->namesPresent &= ~bit; @@ -6580,6 +6591,10 @@ SetDeviceIndicators(char *wire, if (ledWire->mapsPresent) { for (n = 0, bit = 1; n < XkbNumIndicators; n++, bit <<= 1) { if (ledWire->mapsPresent & bit) { + if (!_XkbCheckRequestBounds(client, stuff, mapWire, mapWire + 1)) { + *status_rtrn = BadLength; + return (char *) mapWire; + } sli->maps[n].flags = mapWire->flags; sli->maps[n].which_groups = mapWire->whichGroups; sli->maps[n].groups = mapWire->groups; @@ -6659,7 +6674,7 @@ _XkbSetDeviceInfoCheck(ClientPtr client, ed.deviceID = dev->id; wire = (char *) &stuff[1]; if (stuff->change & XkbXI_ButtonActionsMask) { - int nBtns, sz, i; + int nBtns, sz, i; XkbAction *acts; DeviceIntPtr kbd; @@ -6671,7 +6686,11 @@ _XkbSetDeviceInfoCheck(ClientPtr client, return BadAlloc; dev->button->xkb_acts = acts; } + if (stuff->firstBtn + stuff->nBtns > nBtns) + return BadValue; sz = stuff->nBtns * SIZEOF(xkbActionWireDesc); + if (!_XkbCheckRequestBounds(client, stuff, wire, (char *) wire + sz)) + return BadLength; memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz); wire += sz; ed.reason |= XkbXI_ButtonActionsMask; @@ -6692,7 +6711,8 @@ _XkbSetDeviceInfoCheck(ClientPtr client, int status = Success; wire = SetDeviceIndicators(wire, dev, stuff->change, - stuff->nDeviceLedFBs, &status, client, &ed); + stuff->nDeviceLedFBs, &status, client, &ed, + stuff); if (status != Success) return status; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor