rpms / tigervnc

Clone
Source Code
GIT

Blame SOURCES/xorg-x11-server-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   e3b7dfda9a68bde852470e03cfd973b0576a72c3
  2.   SOURCES
  3.   xorg-x11-server-Xi-fix-potential-use-after-free-in-DeepCopyPointerCl.patch
Blob History Raw
e3b7df 
From 7150ba655c0cc08fa6ded309b81265bb672f2869 Mon Sep 17 00:00:00 2001
e3b7df 
From: Peter Hutterer <peter.hutterer@who-t.net>
e3b7df 
Date: Wed, 25 Jan 2023 11:41:40 +1000
e3b7df 
Subject: [PATCH xserver] Xi: fix potential use-after-free in
e3b7df 
 DeepCopyPointerClasses
e3b7df
e3b7df 
CVE-2023-0494, ZDI-CAN 19596
e3b7df
e3b7df 
This vulnerability was discovered by:
e3b7df 
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
e3b7df
e3b7df 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
e3b7df 
---
e3b7df 
 Xi/exevents.c | 4 +++-
e3b7df 
 1 file changed, 3 insertions(+), 1 deletion(-)
e3b7df
e3b7df 
diff --git a/Xi/exevents.c b/Xi/exevents.c
e3b7df 
index 217baa9561..dcd4efb3bc 100644
e3b7df 
--- a/Xi/exevents.c
e3b7df 
+++ b/Xi/exevents.c
e3b7df 
@@ -619,8 +619,10 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
e3b7df 
             memcpy(to->button->xkb_acts, from->button->xkb_acts,
e3b7df 
                    sizeof(XkbAction));
e3b7df 
         }
e3b7df 
-        else
e3b7df 
+        else {
e3b7df 
             free(to->button->xkb_acts);
e3b7df 
+            to->button->xkb_acts = NULL;
e3b7df 
+        }
e3b7df
e3b7df 
         memcpy(to->button->labels, from->button->labels,
e3b7df 
                from->button->numButtons * sizeof(Atom));
e3b7df 
--
e3b7df 
2.39.0
e3b7df

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation