diff options
Diffstat (limited to 'source/x/xorg-server-xwayland/CVE-2022-3551.patch')
-rw-r--r-- | source/x/xorg-server-xwayland/CVE-2022-3551.patch | 59 |
1 files changed, 0 insertions, 59 deletions
diff --git a/source/x/xorg-server-xwayland/CVE-2022-3551.patch b/source/x/xorg-server-xwayland/CVE-2022-3551.patch deleted file mode 100644 index e41db9286..000000000 --- a/source/x/xorg-server-xwayland/CVE-2022-3551.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 18f91b950e22c2a342a4fbc55e9ddf7534a707d2 Mon Sep 17 00:00:00 2001 -From: Peter Hutterer <peter.hutterer@who-t.net> -Date: Wed, 13 Jul 2022 11:23:09 +1000 -Subject: xkb: fix some possible memleaks in XkbGetKbdByName - -GetComponentByName returns an allocated string, so let's free that if we -fail somewhere. - -Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> ---- - xkb/xkb.c | 26 ++++++++++++++++++++------ - 1 file changed, 20 insertions(+), 6 deletions(-) - -diff --git a/xkb/xkb.c b/xkb/xkb.c -index 4692895db..b79a269e3 100644 ---- a/xkb/xkb.c -+++ b/xkb/xkb.c -@@ -5935,18 +5935,32 @@ ProcXkbGetKbdByName(ClientPtr client) - xkb = dev->key->xkbInfo->desc; - status = Success; - str = (unsigned char *) &stuff[1]; -- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */ -- return BadMatch; -+ { -+ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */ -+ if (keymap) { -+ free(keymap); -+ return BadMatch; -+ } -+ } - names.keycodes = GetComponentSpec(&str, TRUE, &status); - names.types = GetComponentSpec(&str, TRUE, &status); - names.compat = GetComponentSpec(&str, TRUE, &status); - names.symbols = GetComponentSpec(&str, TRUE, &status); - names.geometry = GetComponentSpec(&str, TRUE, &status); -- if (status != Success) -+ if (status == Success) { -+ len = str - ((unsigned char *) stuff); -+ if ((XkbPaddedSize(len) / 4) != stuff->length) -+ status = BadLength; -+ } -+ -+ if (status != Success) { -+ free(names.keycodes); -+ free(names.types); -+ free(names.compat); -+ free(names.symbols); -+ free(names.geometry); - return status; -- len = str - ((unsigned char *) stuff); -- if ((XkbPaddedSize(len) / 4) != stuff->length) -- return BadLength; -+ } - - CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask); - CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask); --- -cgit v1.2.1 - |