Tree - rpms/xorg-x11-server-Xwayland

Blob History Raw

		a4dcf1	`From 774260dbae1fa505cd2848c786baed9a8db5179d Mon Sep 17 00:00:00 2001`
		a4dcf1	`From: Peter Hutterer <peter.hutterer@who-t.net>`
		a4dcf1	`Date: Mon, 5 Dec 2022 15:55:54 +1000`
		a4dcf1	`Subject: [PATCH xserver 7/7] xkb: reset the radio_groups pointer to NULL after`
		a4dcf1	`freeing it`
		a4dcf1
		a4dcf1	`Unlike other elements of the keymap, this pointer was freed but not`
		a4dcf1	`reset. On a subsequent XkbGetKbdByName request, the server may access`
		a4dcf1	`already freed memory.`
		a4dcf1
		a4dcf1	`CVE-2022-46283, ZDI-CAN-19530`
		a4dcf1
		a4dcf1	`This vulnerability was discovered by:`
		a4dcf1	`Jan-Niklas Sohn working with Trend Micro Zero Day Initiative`
		a4dcf1
		a4dcf1	`Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>`
		a4dcf1	`Acked-by: Olivier Fourdan <ofourdan@redhat.com>`
		a4dcf1	`---`
		a4dcf1	`xkb/xkbUtils.c \| 1 +`
		a4dcf1	`1 file changed, 1 insertion(+)`
		a4dcf1
		a4dcf1	`diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c`
		a4dcf1	`index dd089c2046..3f5791a183 100644`
		a4dcf1	`--- a/xkb/xkbUtils.c`
		a4dcf1	`+++ b/xkb/xkbUtils.c`
		a4dcf1	`@@ -1326,6 +1326,7 @@ _XkbCopyNames(XkbDescPtr src, XkbDescPtr dst)`
		a4dcf1	`}`
		a4dcf1	`else {`
		a4dcf1	`free(dst->names->radio_groups);`
		a4dcf1	`+ dst->names->radio_groups = NULL;`
		a4dcf1	`}`
		a4dcf1	`dst->names->num_rg = src->names->num_rg;`
		a4dcf1
		a4dcf1	`--`
		a4dcf1	`2.38.1`