aboutsummaryrefslogtreecommitdiff
path: root/nxcomp/ChannelEndPoint.cpp
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-03-08 22:25:35 -0800
committerUlrich Sibiller <uli42@gmx.de>2016-10-12 09:34:38 +0200
commit361d36770ba3ceef0272e53c59c169f16f16ecf6 (patch)
tree1b0765771257b613cca09318275cb4edd4521bbd /nxcomp/ChannelEndPoint.cpp
parent25172302a39c4e0c90dffbdcfa88b99ac442a2f9 (diff)
downloadnx-libs-361d36770ba3ceef0272e53c59c169f16f16ecf6.tar.gz
nx-libs-361d36770ba3ceef0272e53c59c169f16f16ecf6.tar.bz2
nx-libs-361d36770ba3ceef0272e53c59c169f16f16ecf6.zip
integer overflow in XGetWindowProperty() [CVE-2013-1981 10/13]
If the reported number of properties is too large, the calculations to allocate memory for them may overflow, leaving us returning less memory to the caller than implied by the value written to *nitems. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr> Signed-off-by: Julien Cristau <jcristau@debian.org> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'nxcomp/ChannelEndPoint.cpp')
0 files changed, 0 insertions, 0 deletions