openSUSE:Leap:15.5:Update
File bsc1218583-0003-Xi-when-creating-a-new-ButtonClass-set-the-number-of.patch of Package xorg-x11-server.32027
From 061eb684996627347acdf87ec11d108cedee71b6 Mon Sep 17 00:00:00 2001 From: Peter Hutterer <peter.hutterer@who-t.net> Date: Thu, 21 Dec 2023 13:48:10 +1000 Subject: [PATCH xserver] Xi: when creating a new ButtonClass, set the number of buttons There's a racy sequence where a master device may copy the button class from the slave, without ever initializing numButtons. This leads to a device with zero buttons but a button class which is invalid. Let's copy the numButtons value from the source - by definition if we don't have a button class yet we do not have any other slave devices with more than this number of buttons anyway. CVE-2024-0229, ZDI-CAN-22678 This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative --- Xi/exevents.c | 1 + 1 file changed, 1 insertion(+) Index: xorg-server-1.20.3/Xi/exevents.c =================================================================== --- xorg-server-1.20.3.orig/Xi/exevents.c +++ xorg-server-1.20.3/Xi/exevents.c @@ -561,6 +561,7 @@ DeepCopyPointerClasses(DeviceIntPtr from to->button = calloc(1, sizeof(ButtonClassRec)); if (!to->button) FatalError("[Xi] no memory for class shift.\n"); + to->button->numButtons = from->button->numButtons; } else classes->button = NULL;
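Review bot: the added line in DeepCopyPointerClasses(), `to->button->numButtons = from->button->numButtons;`, dereferences from->button, but the hunk context does not show the condition that guarantees it is non-NULL; only the `else classes->button = NULL;` arm is visible. Please confirm the enclosing branch tests from->button before this point. The assignment also runs only when to->button has just been allocated with calloc(), so a master that already has a button class keeps its existing numButtons. The commit message explains why that is sufficient for the zero-button race (no other slave can have more buttons if the class did not exist yet). A one-line comment above the assignment stating that reasoning would make the invariant clear to whoever next touches this copy path.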