libX11: Changes to 'master'
Matthieu Herrb
herrb at kemper.freedesktop.org
Tue Jul 17 15:02:16 UTC 2018
src/LiHosts.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
New commits:
commit d81da209fd4d0c2c9ad0596a8078e58864479d0d
Author: Tobias Stoeckmann <tobias at stoeckmann.org>
Date: Tue Jul 3 22:31:37 2018 +0200
Validation of server response in XListHosts.
If a server sends an incorrect length in its response, a client is prone
to perform an out of boundary read while processing the data.
The length field of xHostEntry is used to specify the amount of bytes
used to represent the address. It is 16 bit, which means that it is not
possible to perform an arbitrary memory access, but it might be enough
to read sensitive information, e.g. malloc-related pointers and offsets.
Signed-off-by: Tobias Stoeckmann <tobias at stoeckmann.org>
Reviewed-by: Matthieu Herrb <matthieu at herrb.eu>
More information about the xorg-commit
mailing list