diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-10-17 19:31:45 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-10-18 13:30:33 +0200 |
commit | 2559feca78bc678c5bbf91419695174d3fcbdf14 (patch) | |
tree | efa4d497c6065d936916a39b23f638c6b277b7b4 /patches/source/xorg-server-xwayland/CVE-2022-3551.patch | |
parent | a37e7d6f03a8b559ab7c17eb42c13e7e06c2b9fc (diff) | |
download | current-2559feca78bc678c5bbf91419695174d3fcbdf14.tar.gz current-2559feca78bc678c5bbf91419695174d3fcbdf14.tar.xz |
Mon Oct 17 19:31:45 UTC 202220221017193145_15.0
patches/packages/xorg-server-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
xkb: proof GetCountedString against request length attacks.
xkb: fix some possible memleaks in XkbGetKbdByName.
xquartz: Fix a possible crash when editing the Application menu due
to mutating immutable arrays.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-x86_64-4_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-x86_64-3_slack15.0.txz: Rebuilt.
xkb: proof GetCountedString against request length attacks.
xkb: fix some possible memleaks in XkbGetKbdByName.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
(* Security fix *)
Diffstat (limited to 'patches/source/xorg-server-xwayland/CVE-2022-3551.patch')
-rw-r--r-- | patches/source/xorg-server-xwayland/CVE-2022-3551.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/patches/source/xorg-server-xwayland/CVE-2022-3551.patch b/patches/source/xorg-server-xwayland/CVE-2022-3551.patch new file mode 100644 index 000000000..e41db9286 --- /dev/null +++ b/patches/source/xorg-server-xwayland/CVE-2022-3551.patch @@ -0,0 +1,59 @@ +From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Wed, 13 Jul 2022 11:23:09 +1000 +Subject: xkb: fix some possible memleaks in XkbGetKbdByName + +GetComponentByName returns an allocated string, so let's free that if we +fail somewhere. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + xkb/xkb.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 4692895db..b79a269e3 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client) + xkb = dev->key->xkbInfo->desc; + status = Success; + str = (unsigned char *) &stuff[1]; +- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ +- return BadMatch; ++ { ++ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ ++ if (keymap) { ++ free(keymap); ++ return BadMatch; ++ } ++ } + names.keycodes = GetComponentSpec(&str, TRUE, &status); + names.types = GetComponentSpec(&str, TRUE, &status); + names.compat = GetComponentSpec(&str, TRUE, &status); + names.symbols = GetComponentSpec(&str, TRUE, &status); + names.geometry = GetComponentSpec(&str, TRUE, &status); +- if (status != Success) ++ if (status == Success) { ++ len = str - ((unsigned char *) stuff); ++ if ((XkbPaddedSize(len) / 4) != stuff->length) ++ status = BadLength; ++ } ++ ++ if (status != Success) { ++ free(names.keycodes); ++ free(names.types); ++ free(names.compat); ++ free(names.symbols); ++ free(names.geometry); + return status; +- len = str - ((unsigned char *) stuff); +- if ((XkbPaddedSize(len) / 4) != stuff->length) +- return BadLength; ++ } + + CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); + CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); +-- +cgit v1.2.1 + |