diff --git a/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch b/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
new file mode 100644
index 0000000..d8c9fd7
--- /dev/null
+++ b/0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
@@ -0,0 +1,40 @@
+From 623b77d4f30b47258a40f89262e5aa5d25e95fa7 Mon Sep 17 00:00:00 2001
+From: Benno Schulenberg
+Date: Mon, 14 Feb 2022 11:33:25 +0100
+Subject: [PATCH] imDefLkup: verify that a pointer isn't NULL before using it
+
+It is possible for _XimICOfXICID() to return NULL, so it is necessary
+to check this isn't actually the case before dereferencing the pointer.
+All other callers of _XimICOfXICID() do this check too.
+
+(The check itself is ugly, but it follows the style of the code in the
+rest of the module.)
+
+Fixes issue #45.
+
+Reported-by: Bhavi Dhingra
+
+Original-patch-by: Bhavi Dhingra
+
+Signed-off-by: Benno Schulenberg
+---
+ modules/im/ximcp/imDefLkup.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/modules/im/ximcp/imDefLkup.c b/modules/im/ximcp/imDefLkup.c
+index dea7f66d..dd1adf53 100644
+--- a/modules/im/ximcp/imDefLkup.c
++++ b/modules/im/ximcp/imDefLkup.c
+@@ -88,7 +88,8 @@ _XimSetEventMaskCallback(
+
+ if (imid == im->private.proto.imid) {
+ if (icid) {
+- ic = _XimICOfXICID(im, icid);
++ if (!(ic = _XimICOfXICID(im, icid)))
++ return False;
+ _XimProcICSetEventMask(ic, (XPointer)&buf_s[2]);
+ } else {
+ _XimProcIMSetEventMask(im, (XPointer)&buf_s[2]);
+--
+2.46.0
+
diff --git a/libX11.spec b/libX11.spec
index 19058f6..1aca733 100644
--- a/libX11.spec
+++ b/libX11.spec
@@ -5,7 +5,7 @@ Summary: Core X11 protocol client library Name: libX11 Version: 1.7.0 -Release: 9%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} +Release: 10%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} License: MIT URL: http://www.x.org
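Review bot: The added `return False;` inside `if (icid)` carries no comment on why `_XimICOfXICID()` can come back NULL, and that reason matters to the next reader: `icid` looks like it is parsed from the same protocol message as `buf_s`, so it is chosen by the input-method server and need not name a live IC. I would put `/* icid comes from the server message and may not match any IC */` above the check. Returning False here agrees with what the commit message says the other callers do, but the hunk does not show how the caller treats an unhandled message, so that path is worth confirming before relying on it. `_XimSetEventMaskCallback` begins and ends outside the hunk.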
@@ -33,6 +33,9 @@ Patch8: 0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch # CVE-2023-43787 Patch9: 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch +# https://issues.redhat.com/browse/RHEL-58298 +Patch10: 0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch + BuildRequires: make BuildRequires: xorg-x11-util-macros >= 1.11 BuildRequires: pkgconfig(xproto) >= 7.0.15 @@ -135,6 +138,10 @@ make %{?_smp_mflags} check %{_mandir}/man5/*.5* %changelog +* Fri Sep 13 2024 José Expósito - 1.7.0-10 +- Backport NULL check to avoid a crash + Resolves: https://issues.redhat.com/browse/RHEL-58298 + * Wed Oct 11 2023 José Expósito - 1.7.0-9 - Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() - Fix CVE-2023-43786: stack exhaustion from infinite recursion in