packages/xorg-x11-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!102 fix:CVE-2022-3551

Browse Source 
From: @qz_cx 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
This commit is contained in:
openeuler-ci-bot 2022-11-03 05:29:57 +00:00 committed by Gitee
commit 3a431db36d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2022-3551.patch Normal file
View File

@ -0,0 +1,60 @@
From d7ac1fb14657f278fcc32863aa99eb32a2069d58 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 24 Oct 2022 17:06:15 +0800
Subject: [PATCH] xkb: fix some possible memleaks in XkbGetKbdByName
GetComponentByName returns an allocated string, so let's free that if we
fail somewhere.
Signed-off-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
---
xkb/xkb.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 4dccc62..123671a 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -5936,19 +5936,35 @@ ProcXkbGetKbdByName(ClientPtr client)
xkb = dev->key->xkbInfo->desc;
status = Success;
str = (unsigned char *) &stuff[1];
- if (GetComponentSpec(&str, TRUE, &status)) /* keymap, unsupported */
- return BadMatch;
+ {
+ char *keymap = GetComponentSpec(&str, TRUE, &status); /* keymap, unsupported */
+ if (keymap) {
+ free(keymap);
+ return BadMatch;
+ }
+ }
names.keycodes = GetComponentSpec(&str, TRUE, &status);
names.types = GetComponentSpec(&str, TRUE, &status);
names.compat = GetComponentSpec(&str, TRUE, &status);
names.symbols = GetComponentSpec(&str, TRUE, &status);
names.geometry = GetComponentSpec(&str, TRUE, &status);
- if (status != Success)
+ if (status == Success) {
+ len = str - ((unsigned char *) stuff);
+ if ((XkbPaddedSize(len) / 4) != stuff->length)
+ status = BadLength;
+ }
+
+ if (status != Success) {
+ free(names.keycodes);
+ free(names.types);
+ free(names.compat);
+ free(names.symbols);
+ free(names.geometry);
return status;
len = str - ((unsigned char *) stuff);
if ((XkbPaddedSize(len) / 4) != stuff->length)
return BadLength;
-
+ }
CHK_MASK_LEGAL(0x01, stuff->want, XkbGBN_AllComponentsMask);
CHK_MASK_LEGAL(0x02, stuff->need, XkbGBN_AllComponentsMask);
--
2.33.0

1
gitignore
View File

@ -283,6 +283,7 @@ include/xkb-config.h
include/xorg-config.h
include/xorg-server.h
include/xwin-config.h
include/dix-config.h
mfb/mfbbltC.c
mfb/mfbbltCI.c
mfb/mfbbltG.c

9
xorg-x11-server.spec
View File

@ -16,7 +16,7 @@
Name: xorg-x11-server
Version: 1.20.11
Release: 9
Release: 10
Summary: X.Org X11 X server
License: MIT and GPLv2
URL: https://www.x.org
@ -89,6 +89,7 @@ Patch6004: backport-rename-bool-to-boolean.patch
Patch6005: backport-0001-CVE-2022-2319.patch
Patch6006: backport-0002-CVE-2022-2319.patch
Patch6007: backport-CVE-2022-2320.patch
Patch6008: CVE-2022-3551.patch
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex git gcc
BuildRequires: systemtap-sdt-devel libtool pkgconfig
@ -432,6 +433,12 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%{_mandir}/man*/*
%changelog
* Mon Oct 24 2022 qz_cx <wangqingzheng@kylinos.cn> - 1.20.11-10
- Type:CVE
- ID:NA
- SUG:NA
- DESC: fix CVE-2022-3551
* Wed Aug 03 2022 wangkerong<wangkerong@h-partners.com> - 1.20.11-9
- fix CVE-2022-2319,CVE-2022-2320