Projects
openEuler:24.03:SP1:Everything
xorg-x11-server
_service:tar_scm:backport-CVE-2022-46343.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-CVE-2022-46343.patch of Package xorg-x11-server
From 842ca3ccef100ce010d1d8f5f6d6cc1915055900 Mon Sep 17 00:00:00 2001 From: Peter Hutterer <peter.hutterer@who-t.net> Date: Tue, 29 Nov 2022 14:53:07 +1000 Subject: [PATCH] Xext: free the screen saver resource when replacing it This fixes a use-after-free bug: When a client first calls ScreenSaverSetAttributes(), a struct ScreenSaverAttrRec is allocated and added to the client's resources. When the same client calls ScreenSaverSetAttributes() again, a new struct ScreenSaverAttrRec is allocated, replacing the old struct. The old struct was freed but not removed from the clients resources. Later, when the client is destroyed the resource system invokes ScreenSaverFreeAttr and attempts to clean up the already freed struct. Fix this by letting the resource system free the old attrs instead. CVE-2022-46343, ZDI-CAN 19404 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> Acked-by: Olivier Fourdan <ofourdan@redhat.com> --- Xext/saver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Xext/saver.c b/Xext/saver.c index f813ba08d..fd6153c31 100644 --- a/Xext/saver.c +++ b/Xext/saver.c @@ -1051,7 +1051,7 @@ ScreenSaverSetAttributes(ClientPtr client) pVlist++; } if (pPriv->attr) - FreeScreenAttr(pPriv->attr); + FreeResource(pPriv->attr->resource, AttrType); pPriv->attr = pAttr; pAttr->resource = FakeClientID(client->index); if (!AddResource(pAttr->resource, AttrType, (void *) pAttr)) -- GitLab
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2