Tree - rpms/xorg-x11-server - CentOS Git server

Blob History Raw

		8713f6	`From 774260dbae1fa505cd2848c786baed9a8db5179d Mon Sep 17 00:00:00 2001`
		8713f6	`From: Peter Hutterer <peter.hutterer@who-t.net>`
		8713f6	`Date: Mon, 5 Dec 2022 15:55:54 +1000`
		8713f6	`Subject: [PATCH xserver 7/7] xkb: reset the radio_groups pointer to NULL after`
		8713f6	`freeing it`
		8713f6
		8713f6	`Unlike other elements of the keymap, this pointer was freed but not`
		8713f6	`reset. On a subsequent XkbGetKbdByName request, the server may access`
		8713f6	`already freed memory.`
		8713f6
		8713f6	`CVE-2022-46283, ZDI-CAN-19530`
		8713f6
		8713f6	`This vulnerability was discovered by:`
		8713f6	`Jan-Niklas Sohn working with Trend Micro Zero Day Initiative`
		8713f6
		8713f6	`Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>`
		8713f6	`Acked-by: Olivier Fourdan <ofourdan@redhat.com>`
		8713f6	`---`
		8713f6	`xkb/xkbUtils.c \| 1 +`
		8713f6	`1 file changed, 1 insertion(+)`
		8713f6
		8713f6	`diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c`
		8713f6	`index dd089c2046..3f5791a183 100644`
		8713f6	`--- a/xkb/xkbUtils.c`
		8713f6	`+++ b/xkb/xkbUtils.c`
		8713f6	`@@ -1326,6 +1326,7 @@ _XkbCopyNames(XkbDescPtr src, XkbDescPtr dst)`
		8713f6	`}`
		8713f6	`else {`
		8713f6	`free(dst->names->radio_groups);`
		8713f6	`+ dst->names->radio_groups = NULL;`
		8713f6	`}`
		8713f6	`dst->names->num_rg = src->names->num_rg;`
		8713f6
		8713f6	`--`
		8713f6	`2.38.1`
		8713f6