fix CVE-2022-3554

2022-10-24 19:10:59 +08:00 · 2022-10-24 19:10:59 +08:00 · b166000754
commit b166000754
parent 19a056baf9
2 changed files with 61 additions and 1 deletions
--- a/backport-CVE-2022-3554.patch
+++ b/backport-CVE-2022-3554.patch
@ -0,0 +1,56 @@
+From 1d11822601fd24a396b354fa616b04ed3df8b4ef Mon Sep 17 00:00:00 2001
+From: "Thomas E. Dickey" <dickey@invisible-island.net>
+Date: Tue, 4 Oct 2022 18:26:17 -0400
+Subject: [PATCH] fix a memory leak in XRegisterIMInstantiateCallback
+
+Analysis:
+
+    _XimRegisterIMInstantiateCallback() opens an XIM and closes it using
+    the internal function pointers, but the internal close function does
+    not free the pointer to the XIM (this would be done in XCloseIM()).
+
+Report/patch:
+
+    Date: Mon, 03 Oct 2022 18:47:32 +0800
+    From: Po Lu <luangruo@yahoo.com>
+    To: xorg-devel@lists.x.org
+    Subject: Re: Yet another leak in Xlib
+
+    For reference, here's how I'm calling XRegisterIMInstantiateCallback:
+
+    XSetLocaleModifiers ("");
+    XRegisterIMInstantiateCallback (compositor.display,
+                                    XrmGetDatabase (compositor.display),
+                                    (char *) compositor.resource_name,
+                                    (char *) compositor.app_name,
+                                    IMInstantiateCallback, NULL);
+
+    and XMODIFIERS is:
+
+        @im=ibus
+
+Signed-off-by: Thomas E. Dickey <dickey@invisible-island.net>
+
+Conflict:NA
+Reference:https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=1d11822601fd24a396b354fa616b04ed3df8b4ef
+---
+ modules/im/ximcp/imInsClbk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/modules/im/ximcp/imInsClbk.c b/modules/im/ximcp/imInsClbk.c
+index 95b379cb..c10e347f 100644
+--- a/modules/im/ximcp/imInsClbk.c
+++ b/modules/im/ximcp/imInsClbk.c
+@@ -212,6 +212,9 @@ _XimRegisterIMInstantiateCallback(
+     if( xim ) {
+ 	lock = True;
+ 	xim->methods->close( (XIM)xim );
+	/* XIMs must be freed manually after being opened; close just
+	   does the protocol to deinitialize the IM.  */
+	XFree( xim );
+ 	lock = False;
+ 	icb->call = True;
+ 	callback( display, client_data, NULL );
+-- 
+2.27.0
+
--- a/libX11.spec
+++ b/libX11.spec
@ -1,12 +1,13 @@
 Name:		libX11
 Version:	1.8.1
-Release:	1
+Release:	2
 Summary:	Core X11 protocol client library
 License:	MIT
 URL:		http://www.x.org
 Source0:	https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{version}.tar.xz

 Patch1:         dont-forward-keycode-0.patch
+Patch6001:	backport-CVE-2022-3554.patch

 BuildRequires:	xorg-x11-util-macros >= 1.11 xorg-x11-proto-devel perl-Pod-Usage libXau-devel
 BuildRequires:  libxcb-devel >= 1.2 libXdmcp-devel xorg-x11-xtrans-devel >= 1.0.3-4 make
@ -73,6 +74,9 @@ make %{?_smp_mflags} check
 %{_mandir}/*/*

 %changelog
+* Mon Oct 24 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.8.1-2
+- fix CVE-2022-3554
+
 * Mon Jun 20 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 1.8.1-1
 - update to 1.8.1