diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-03-02 11:25:25 -0800 |
---|---|---|
committer | Ulrich Sibiller <uli42@gmx.de> | 2016-10-12 09:34:39 +0200 |
commit | 0284afb80cefe1ae3c2567dd46427b5d425791b1 (patch) | |
tree | d88e982248f1656a29bc5def754618af6b23966f /nxcomp/GenericReadBuffer.h | |
parent | 0bf09b4bb1e469f37b75a088b1a5ba093ab36252 (diff) | |
download | nx-libs-0284afb80cefe1ae3c2567dd46427b5d425791b1.tar.gz nx-libs-0284afb80cefe1ae3c2567dd46427b5d425791b1.tar.bz2 nx-libs-0284afb80cefe1ae3c2567dd46427b5d425791b1.zip |
unvalidated length in _XimXGetReadData() [CVE-2013-1997 12/15]
Check the provided buffer size against the amount of data we're going to
write into it, not against the reported length from the ClientMessage.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'nxcomp/GenericReadBuffer.h')
0 files changed, 0 insertions, 0 deletions