mirror of
https://git.yoctoproject.org/poky
synced 2026-04-21 21:32:12 +02:00
xwayland: Fix CVE-2024-31081
Patch copied from xserver-xorg recipe.
CVE reported for both and patch apply on both.
Upstream-Commit: 3e77295f88
(From OE-Core rev: 3575ad718c8ea7d808247842df19982f00725187)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
committed by
Steve Sakoman
Steve Sakoman
parent
4a8c873ccf
commit
57a80e447e
47
meta/recipes-graphics/xwayland/xwayland/CVE-2024-31081.patch
Normal file
47
meta/recipes-graphics/xwayland/xwayland/CVE-2024-31081.patch
Normal file
@@ -0,0 +1,47 @@
|
||||
From 3e77295f888c67fc7645db5d0c00926a29ffecee Mon Sep 17 00:00:00 2001
|
||||
From: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
Date: Fri, 22 Mar 2024 18:56:27 -0700
|
||||
Subject: [PATCH] Xi: ProcXIPassiveGrabDevice needs to use unswapped length to
|
||||
send reply
|
||||
|
||||
CVE-2024-31081
|
||||
|
||||
Fixes: d220d6907 ("Xi: add GrabButton and GrabKeysym code.")
|
||||
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
||||
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1463>
|
||||
|
||||
Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee]
|
||||
CVE: CVE-2024-31081
|
||||
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
||||
---
|
||||
Xi/xipassivegrab.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c
|
||||
index c9ac2f8553..896233bec2 100644
|
||||
--- a/Xi/xipassivegrab.c
|
||||
+++ b/Xi/xipassivegrab.c
|
||||
@@ -93,6 +93,7 @@ ProcXIPassiveGrabDevice(ClientPtr client)
|
||||
GrabParameters param;
|
||||
void *tmp;
|
||||
int mask_len;
|
||||
+ uint32_t length;
|
||||
|
||||
REQUEST(xXIPassiveGrabDeviceReq);
|
||||
REQUEST_FIXED_SIZE(xXIPassiveGrabDeviceReq,
|
||||
@@ -247,9 +248,11 @@ ProcXIPassiveGrabDevice(ClientPtr client)
|
||||
}
|
||||
}
|
||||
|
||||
+ /* save the value before SRepXIPassiveGrabDevice swaps it */
|
||||
+ length = rep.length;
|
||||
WriteReplyToClient(client, sizeof(rep), &rep);
|
||||
if (rep.num_modifiers)
|
||||
- WriteToClient(client, rep.length * 4, modifiers_failed);
|
||||
+ WriteToClient(client, length * 4, modifiers_failed);
|
||||
|
||||
out:
|
||||
free(modifiers_failed);
|
||||
--
|
||||
GitLab
|
||||
|
||||
@@ -25,6 +25,7 @@ SRC_URI = "https://www.x.org/archive/individual/xserver/xwayland-${PV}.tar.xz \
|
||||
file://CVE-2024-21886-1.patch \
|
||||
file://CVE-2024-21886-2.patch \
|
||||
file://CVE-2024-31080.patch \
|
||||
file://CVE-2024-31081.patch \
|
||||
"
|
||||
SRC_URI[sha256sum] = "d11eeee73290b88ea8da42a7d9350dedfaba856ce4ae44e58c045ad9ecaa2f73"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user