diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2022-10-17 19:31:45 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-10-18 07:00:18 +0200 |
commit | 717971ecd65b6255712f5352cbd58ee028f32f1b (patch) | |
tree | 11aa384ad7f673c2d490c542ebed14f4334c8e78 /source/x/x11/patch/xorg-server/CVE-2022-3551.patch | |
parent | 9b906307deaeeb6ceef5d5c11abdc1f0770dca02 (diff) | |
download | current-20221017193145.tar.gz current-20221017193145.tar.xz |
Mon Oct 17 19:31:45 UTC 202220221017193145
l/libqalculate-4.4.0-x86_64-1.txz: Upgraded.
l/netpbm-11.00.01-x86_64-1.txz: Upgraded.
x/xorg-server-21.1.4-x86_64-2.txz: Rebuilt.
xkb: proof GetCountedString against request length attacks.
xkb: fix some possible memleaks in XkbGetKbdByName.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
(* Security fix *)
x/xorg-server-xephyr-21.1.4-x86_64-2.txz: Rebuilt.
x/xorg-server-xnest-21.1.4-x86_64-2.txz: Rebuilt.
x/xorg-server-xvfb-21.1.4-x86_64-2.txz: Rebuilt.
x/xorg-server-xwayland-22.1.3-x86_64-2.txz: Rebuilt.
xkb: proof GetCountedString against request length attacks.
xkb: fix some possible memleaks in XkbGetKbdByName.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3551
(* Security fix *)
xap/blueman-2.3.4-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source/x/x11/patch/xorg-server/CVE-2022-3551.patch')
-rw-r--r-- | source/x/x11/patch/xorg-server/CVE-2022-3551.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/source/x/x11/patch/xorg-server/CVE-2022-3551.patch b/source/x/x11/patch/xorg-server/CVE-2022-3551.patch new file mode 100644 index 000000000..e41db9286 --- /dev/null +++ b/source/x/x11/patch/xorg-server/CVE-2022-3551.patch @@ -0,0 +1,59 @@ +From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Wed, 13 Jul 2022 11:23:09 +1000 +Subject: xkb: fix some possible memleaks in XkbGetKbdByName + +GetComponentByName returns an allocated string, so let's free that if we +fail somewhere. + +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + xkb/xkb.c | 26 ++++++++++++++++++++------ + 1 file changed, 20 insertions(+), 6 deletions(-) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 4692895db..b79a269e3 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client) + xkb = dev->key->xkbInfo->desc; + status = Success; + str = (unsigned char *) &stuff[1]; +- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ +- return BadMatch; ++ { ++ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ ++ if (keymap) { ++ free(keymap); ++ return BadMatch; ++ } ++ } + names.keycodes = GetComponentSpec(&str, TRUE, &status); + names.types = GetComponentSpec(&str, TRUE, &status); + names.compat = GetComponentSpec(&str, TRUE, &status); + names.symbols = GetComponentSpec(&str, TRUE, &status); + names.geometry = GetComponentSpec(&str, TRUE, &status); +- if (status != Success) ++ if (status == Success) { ++ len = str - ((unsigned char *) stuff); ++ if ((XkbPaddedSize(len) / 4) != stuff->length) ++ status = BadLength; ++ } ++ ++ if (status != Success) { ++ free(names.keycodes); ++ free(names.types); ++ free(names.compat); ++ free(names.symbols); ++ free(names.geometry); + return status; +- len = str - ((unsigned char *) stuff); +- if ((XkbPaddedSize(len) / 4) != stuff->length) +- return BadLength; ++ } + + CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); + CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); +-- +cgit v1.2.1 + |