packages/xorg-x11-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!162 fix CVE-2022-3550

Browse Source 
From: @leeffo 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
This commit is contained in:
openeuler-ci-bot 2023-05-26 09:34:15 +00:00 committed by Gitee
commit ca8965251e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
backport-CVE-2022-3550.patch Normal file
View File

@ -0,0 +1,28 @@
From f908421d43959a44ff940fd89fd0e35150cfe3f9 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 26 May 2023 15:10:01 +0800
Subject: [PATCH] xkb: proof GetCountedString against request length attacks
---
xkb/xkb.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index aa98578..87b73df 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -5138,6 +5138,11 @@ _GetCountedString(char **wire_inout, ClientPtr client, char **str)
CARD16 len;
wire = *wire_inout;
+
+ if (client->req_len <
+ bytes_to_int32(wire + 2 - (char *) client->requestBuffer))
+ return BadValue;
+
len = *(CARD16 *) wire;
if (client->swapped) {
swaps(&len);
--
2.20.1

8
xorg-x11-server.spec
View File

@ -16,7 +16,7 @@
Name: xorg-x11-server Name: xorg-x11-server
Version: 1.20.8 Version: 1.20.8
Release: 18 Release: 19
Summary: X.Org X11 X server Summary: X.Org X11 X server
License: MIT and GPLv2 License: MIT and GPLv2
URL: https://www.x.org URL: https://www.x.org
@ -105,6 +105,7 @@ Patch6015: backport-CVE-2022-46344.patch
Patch6016: backport-CVE-2022-4283.patch Patch6016: backport-CVE-2022-4283.patch
Patch6017: backport-CVE-2023-0494.patch Patch6017: backport-CVE-2023-0494.patch
Patch6018: backport-CVE-2023-1393.patch Patch6018: backport-CVE-2023-1393.patch
Patch6019: backport-CVE-2022-3550.patch
BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git gcc BuildRequires: audit-libs-devel autoconf automake bison dbus-devel flex flex-devel git gcc
BuildRequires: systemtap-sdt-devel libtool pkgconfig BuildRequires: systemtap-sdt-devel libtool pkgconfig
@ -347,6 +348,9 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
%{_libdir}/xorg/protocol.txt %{_libdir}/xorg/protocol.txt
%changelog %changelog
* Fri May 26 2023 leeffo <liweiganga@uniontech.com> -1.20.8-19
- fix CVE-2022-3550
* Thu Apr 13 2023 liweiganga <liweiganga@uniontech.com> -1.20.8-18 * Thu Apr 13 2023 liweiganga <liweiganga@uniontech.com> -1.20.8-18
- fix CVE-2023-1393 - fix CVE-2023-1393
@ -403,7 +407,7 @@ find %{inst_srcdir}/hw/xfree86 -name \*.c -delete
- SUG:NA - SUG:NA
- DESC:fix CVE-2021-3472 - DESC:fix CVE-2021-3472
* Mon Feb 01 2020 yeah_wang<wangye70@huawei.com> - 1.20.8-4 * Mon Feb 01 2021 yeah_wang<wangye70@huawei.com> - 1.20.8-4
- Type:CVE - Type:CVE
- Id:CVE-2020-14347 CVE-2020-14360 CVE-2020-25712 - Id:CVE-2020-14347 CVE-2020-14360 CVE-2020-25712
- SUG:NA - SUG:NA