rpms/libX11
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport NULL check to avoid a crash

Browse Source 
Resolves: https://issues.redhat.com/browse/RHEL-58298
This commit is contained in:
José Expósito 2024-09-13 16:33:38 +02:00
parent e9927e694f
commit 8cd8488ac7
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch Normal file
View File

@ -0,0 +1,40 @@
From 623b77d4f30b47258a40f89262e5aa5d25e95fa7 Mon Sep 17 00:00:00 2001
From: Benno Schulenberg <bensberg@telfort.nl>
Date: Mon, 14 Feb 2022 11:33:25 +0100
Subject: [PATCH] imDefLkup: verify that a pointer isn't NULL before using it
It is possible for _XimICOfXICID() to return NULL, so it is necessary
to check this isn't actually the case before dereferencing the pointer.
All other callers of _XimICOfXICID() do this check too.
(The check itself is ugly, but it follows the style of the code in the
rest of the module.)
Fixes issue #45.
Reported-by: Bhavi Dhingra
Original-patch-by: Bhavi Dhingra
Signed-off-by: Benno Schulenberg <bensberg@telfort.nl>
---
modules/im/ximcp/imDefLkup.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/im/ximcp/imDefLkup.c b/modules/im/ximcp/imDefLkup.c
index dea7f66d..dd1adf53 100644
--- a/modules/im/ximcp/imDefLkup.c
+++ b/modules/im/ximcp/imDefLkup.c
@@ -88,7 +88,8 @@ _XimSetEventMaskCallback(
if (imid == im->private.proto.imid) {
if (icid) {
- ic = _XimICOfXICID(im, icid);
+ if (!(ic = _XimICOfXICID(im, icid)))
+ return False;
_XimProcICSetEventMask(ic, (XPointer)&buf_s[2]);
} else {
_XimProcIMSetEventMask(im, (XPointer)&buf_s[2]);
--
2.46.0

9
libX11.spec
View File

@ -5,7 +5,7 @@
Summary: Core X11 protocol client library Summary: Core X11 protocol client library
Name: libX11 Name: libX11
Version: 1.7.0 Version: 1.7.0
Release: 9%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist} Release: 10%{?gitdate:.%{gitdate}git%{gitversion}}%{?dist}
License: MIT License: MIT
URL: http://www.x.org URL: http://www.x.org
@ -33,6 +33,9 @@ Patch8: 0003-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
# CVE-2023-43787 # CVE-2023-43787
Patch9: 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch Patch9: 0001-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
# https://issues.redhat.com/browse/RHEL-58298
Patch10: 0001-imDefLkup-verify-that-a-pointer-isn-t-NULL-before-us.patch
BuildRequires: make BuildRequires: make
BuildRequires: xorg-x11-util-macros >= 1.11 BuildRequires: xorg-x11-util-macros >= 1.11
BuildRequires: pkgconfig(xproto) >= 7.0.15 BuildRequires: pkgconfig(xproto) >= 7.0.15
@ -135,6 +138,10 @@ make %{?_smp_mflags} check
%{_mandir}/man5/*.5* %{_mandir}/man5/*.5*
%changelog %changelog
* Fri Sep 13 2024 José Expósito <jexposit@redhat.com> - 1.7.0-10
- Backport NULL check to avoid a crash
Resolves: https://issues.redhat.com/browse/RHEL-58298
* Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 1.7.0-9 * Wed Oct 11 2023 José Expósito <jexposit@redhat.com> - 1.7.0-9
- Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms() - Fix CVE-2023-43785: out-of-bounds memory access in _XkbReadKeySyms()
- Fix CVE-2023-43786: stack exhaustion from infinite recursion in - Fix CVE-2023-43786: stack exhaustion from infinite recursion in