45 lines
1.7 KiB
Diff
45 lines
1.7 KiB
Diff
From 51be9e767a02cdc6a524dc895dcc81abb689d50b Mon Sep 17 00:00:00 2001
|
|
From: Olivier Fourdan <ofourdan@redhat.com>
|
|
Date: Wed, 6 Dec 2023 11:51:56 +0100
|
|
Subject: [PATCH xserver 9/9] ephyr,xwayland: Use the proper private key for
|
|
cursor
|
|
|
|
The cursor in DIX is actually split in two parts, the cursor itself and
|
|
the cursor bits, each with their own devPrivates.
|
|
|
|
The cursor itself includes the cursor bits, meaning that the cursor bits
|
|
devPrivates in within structure of the cursor.
|
|
|
|
Both Xephyr and Xwayland were using the private key for the cursor bits
|
|
to store the data for the cursor, and when using XSELINUX which comes
|
|
with its own special devPrivates, the data stored in that cursor bits'
|
|
devPrivates would interfere with the XSELINUX devPrivates data and the
|
|
SELINUX security ID would point to some other unrelated data, causing a
|
|
crash in the XSELINUX code when trying to (re)use the security ID.
|
|
|
|
CVE-2024-0409
|
|
|
|
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
|
|
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
(cherry picked from commit 2ef0f1116c65d5cb06d7b6d83f8a1aea702c94f7)
|
|
---
|
|
hw/xwayland/xwayland-cursor.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/hw/xwayland/xwayland-cursor.c b/hw/xwayland/xwayland-cursor.c
|
|
index e3c1aaa50..bd94b0cfb 100644
|
|
--- a/hw/xwayland/xwayland-cursor.c
|
|
+++ b/hw/xwayland/xwayland-cursor.c
|
|
@@ -431,7 +431,7 @@ static miPointerScreenFuncRec xwl_pointer_screen_funcs = {
|
|
Bool
|
|
xwl_screen_init_cursor(struct xwl_screen *xwl_screen)
|
|
{
|
|
- if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR_BITS, 0))
|
|
+ if (!dixRegisterPrivateKey(&xwl_cursor_private_key, PRIVATE_CURSOR, 0))
|
|
return FALSE;
|
|
|
|
return miPointerInitialize(xwl_screen->screen,
|
|
--
|
|
2.43.0
|
|
|