Projects
openEuler:24.03:SP1:Everything:64G
xorg-x11-server
_service:tar_scm:backport-CVE-2023-1393.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-CVE-2023-1393.patch of Package xorg-x11-server
From 26ef545b3502f61ca722a7a3373507e88ef64110 Mon Sep 17 00:00:00 2001 From: Olivier Fourdan <ofourdan@redhat.com> Date: Mon, 13 Mar 2023 11:08:47 +0100 Subject: [PATCH xserver] composite: Fix use-after-free of the COW ZDI-CAN-19866/CVE-2023-1393 If a client explicitly destroys the compositor overlay window (aka COW), we would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. Make sure to clear the CompScreen pointer to the COW when the latter gets destroyed explicitly by the client. This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative Signed-off-by: Olivier Fourdan <ofourdan@redhat.com> Reviewed-by: Adam Jackson <ajax@redhat.com> --- composite/compwindow.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/composite/compwindow.c b/composite/compwindow.c index 4e2494b86..b30da589e 100644 --- a/composite/compwindow.c +++ b/composite/compwindow.c @@ -620,6 +620,11 @@ compDestroyWindow(WindowPtr pWin) ret = (*pScreen->DestroyWindow) (pWin); cs->DestroyWindow = pScreen->DestroyWindow; pScreen->DestroyWindow = compDestroyWindow; + + /* Did we just destroy the overlay window? */ + if (pWin == cs->pOverlayWin) + cs->pOverlayWin = NULL; + /* compCheckTree (pWin->drawable.pScreen); can't check -- tree isn't good*/ return ret; } -- 2.40.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2