!161 fix CVE-2022-3550

From: @leeffo Reviewed-by: @weidongkl Signed-off-by: @weidongkl
2023-05-26 09:34:08 +00:00 · 2023-05-26 09:34:08 +00:00 · c1fc1213e7
commit c1fc1213e7
parent 4b14bd358e a519940938
2 changed files with 33 additions and 1 deletions
--- a/backport-CVE-2022-3550.patch
+++ b/backport-CVE-2022-3550.patch
@ -0,0 +1,28 @@
 From f908421d43959a44ff940fd89fd0e35150cfe3f9 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Fri, 26 May 2023 15:10:01 +0800
 Subject: [PATCH] xkb: proof GetCountedString against request length attacks
 ---
 xkb/xkb.c | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/xkb/xkb.c b/xkb/xkb.c
 index aa98578..87b73df 100644
 --- a/xkb/xkb.c
 +++ b/xkb/xkb.c
@@ -5138,6 +5138,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
     CARD16 len;
     wire = *wire_inout;
 +
 +    if (client->req_len < 
 +        bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
 +        return BadValue;
 +
     len = *(CARD16 *) wire;
     if (client->swapped) {
         swaps(&len);
 -- 
 2.20.1
--- a/xorg-x11-server.spec
+++ b/xorg-x11-server.spec
@ -16,7 +16,7 @@
 Name:           xorg-x11-server
 Version:        1.20.11
-Release:        18
+Release:        19
 Summary:        X.Org X11 X server
 License:        MIT and GPLv2
 URL:            https://www.x.org
@ -104,6 +104,7 @@ Patch6017: backport-CVE-2022-46344.patch
 Patch6018: backport-CVE-2022-4283.patch
 Patch6019: backport-CVE-2023-0494.patch
 Patch6020: backport-CVE-2023-1393.patch
 Patch6021: backport-CVE-2022-3550.patch
 BuildRequires:  audit-libs-devel autoconf automake bison dbus-devel flex git gcc 
 BuildRequires:  systemtap-sdt-devel libtool pkgconfig 
@ -444,6 +445,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
 %{_mandir}/man*/*
 %changelog
 * Fri May 26 2023 leeffo <liweiganga@uniontech.com> -1.20.11-19
 - fix CVE-2022-3550
 * Wed Apr 12 2023 liweiganga <liweiganga@uniontech.com> -1.20.11-18
 - fix CVE-2023-1393