Overview

File 0032_CVE-2023-0494_Xi_0ba6d8c37071131a49790243cdac55392ecf71ec.patch of Package xorg-x11-server

From 0ba6d8c37071131a49790243cdac55392ecf71ec Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Wed, 25 Jan 2023 11:41:40 +1000
Subject: [PATCH] Xi: fix potential use-after-free in DeepCopyPointerClasses

CVE-2023-0494, ZDI-CAN-19596

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
---
 Xi/exevents.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- ./Xi/exevents.c	2023-02-07 13:08:14.763350756 -0800
+++ ./Xi/exevents.c.fixed	2023-02-07 13:14:49.112523594 -0800
@@ -575,8 +575,10 @@
             memcpy(to->button->xkb_acts, from->button->xkb_acts,
                    sizeof(XkbAction));
         }
-        else
+        else {
             free(to->button->xkb_acts);
+            to->button->xkb_acts = NULL;
+        }
 
         memcpy(to->button->labels, from->button->labels,
                from->button->numButtons * sizeof(Atom));
openSUSE Build Service is sponsored by
Places