Tree - rpms/xorg-x11-server - CentOS Git server

Blob History Raw

		279a87	`From 774260dbae1fa505cd2848c786baed9a8db5179d Mon Sep 17 00:00:00 2001`
		279a87	`From: Peter Hutterer <peter.hutterer@who-t.net>`
		279a87	`Date: Mon, 5 Dec 2022 15:55:54 +1000`
		279a87	`Subject: [PATCH xserver 7/7] xkb: reset the radio_groups pointer to NULL after`
		279a87	`freeing it`
		279a87
		279a87	`Unlike other elements of the keymap, this pointer was freed but not`
		279a87	`reset. On a subsequent XkbGetKbdByName request, the server may access`
		279a87	`already freed memory.`
		279a87
		279a87	`CVE-2022-46283, ZDI-CAN-19530`
		279a87
		279a87	`This vulnerability was discovered by:`
		279a87	`Jan-Niklas Sohn working with Trend Micro Zero Day Initiative`
		279a87
		279a87	`Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>`
		279a87	`Acked-by: Olivier Fourdan <ofourdan@redhat.com>`
		279a87	`---`
		279a87	`xkb/xkbUtils.c \| 1 +`
		279a87	`1 file changed, 1 insertion(+)`
		279a87
		279a87	`diff --git a/xkb/xkbUtils.c b/xkb/xkbUtils.c`
		279a87	`index dd089c2046..3f5791a183 100644`
		279a87	`--- a/xkb/xkbUtils.c`
		279a87	`+++ b/xkb/xkbUtils.c`
		279a87	`@@ -1326,6 +1326,7 @@ _XkbCopyNames(XkbDescPtr src, XkbDescPtr dst)`
		279a87	`}`
		279a87	`else {`
		279a87	`free(dst->names->radio_groups);`
		279a87	`+ dst->names->radio_groups = NULL;`
		279a87	`}`
		279a87	`dst->names->num_rg = src->names->num_rg;`
		279a87
		279a87	`--`
		279a87	`2.38.1`
		279a87