1 files changed, 0 insertions, 37 deletions

diff --git a/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch b/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
deleted file mode 100644
index e851c092f1..0000000000
--- a/main/libxres/0003-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b053d215b80e721f9afdc5794e4f3f4f2aee0141 Mon Sep 17 00:00:00 2001
-From: Alan Coopersmith <alan.coopersmith@oracle.com>
-Date: Fri, 12 Apr 2013 23:36:13 -0700
-Subject: [PATCH 3/4] integer overflow in XResQueryClients() [CVE-2013-1988
- 1/2]
-
-The CARD32 rep.num_clients needs to be bounds checked before multiplying
-by sizeof(XResClient) to avoid integer overflow leading to underallocation
-and writing data from the network past the end of the allocated buffer.
-
-Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
-Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
----
- src/XRes.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/XRes.c b/src/XRes.c
-index 1ab1db8..c989985 100644
---- a/src/XRes.c
-+++ b/src/XRes.c
-@@ -130,7 +130,12 @@ Status XResQueryClients (
-     }
- 
-     if(rep.num_clients) {
--        if((clnts = Xmalloc(sizeof(XResClient) * rep.num_clients))) {
-+        if (rep.num_clients < (INT_MAX / sizeof(XResClient)))
-+            clnts = Xmalloc(sizeof(XResClient) * rep.num_clients);
-+        else
-+            clnts = NULL;
-+
-+        if (clnts != NULL) {
-             xXResClient scratch;
-             int i;
- 
--- 
-1.8.2.3
-