wok-current view xorg-server/stuff/CVE-2024-31081.patch @ rev 25695
Up linux 5.10.214, Patch xorg-server (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083)
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Thu Apr 04 08:53:51 2024 +0000 (7 weeks ago) |
| parents | |
| children |
line source
1 From 3e77295f888c67fc7645db5d0c00926a29ffecee Mon Sep 17 00:00:00 2001
2 From: Alan Coopersmith <alan.coopersmith@oracle.com>
3 Date: Fri, 22 Mar 2024 18:56:27 -0700
4 Subject: [PATCH] Xi: ProcXIPassiveGrabDevice needs to use unswapped length to
5 send reply
7 CVE-2024-31081
9 Fixes: d220d6907 ("Xi: add GrabButton and GrabKeysym code.")
10 Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
11 Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
12 ---
13 Xi/xipassivegrab.c | 5 ++++-
14 1 file changed, 4 insertions(+), 1 deletion(-)
16 diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c
17 index c9ac2f8553..896233bec2 100644
18 --- a/Xi/xipassivegrab.c
19 +++ b/Xi/xipassivegrab.c
20 @@ -93,6 +93,7 @@ ProcXIPassiveGrabDevice(ClientPtr client)
21 GrabParameters param;
22 void *tmp;
23 int mask_len;
24 + uint32_t length;
26 REQUEST(xXIPassiveGrabDeviceReq);
27 REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq,
28 @@ -247,9 +248,11 @@ ProcXIPassiveGrabDevice(ClientPtr client)
29 }
30 }
32 + /* save the value before SRepXIPassiveGrabDevice swaps it */
33 + length = rep.length;
34 WriteReplyToClient(client, sizeof(rep), &rep);
35 if (rep.num_modifiers)
36 - WriteToClient(client, rep.length * 4, modifiers_failed);
37 + WriteToClient(client, length * 4, modifiers_failed);
39 out:
40 free(modifiers_failed);
41 --
42 GitLab