834669aa45
CVE-2022-46341 (#2151781), CVE-2022-46342 (#2151788), CVE-2022-46343 (#2151791), CVE-2022-46344 (#2151798) Resolves: rhbz#2151801 rhbz#2151776 rhbz#2151781 Resolves: rhbz#2151788 rhbz#2151791 rhbz#2151798
42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
From cb260ba95d2bb1ae98b05e289d1b7947ac409230 Mon Sep 17 00:00:00 2001
|
|
From: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Date: Tue, 29 Nov 2022 13:24:00 +1000
|
|
Subject: [PATCH xserver 2/7] Xi: return an error from XI property changes if
|
|
verification failed
|
|
|
|
Both ProcXChangeDeviceProperty and ProcXIChangeProperty checked the
|
|
property for validity but didn't actually return the potential error.
|
|
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
|
|
---
|
|
Xi/xiproperty.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c
|
|
index a36f7d61df..68c362c628 100644
|
|
--- a/Xi/xiproperty.c
|
|
+++ b/Xi/xiproperty.c
|
|
@@ -902,6 +902,8 @@ ProcXChangeDeviceProperty(ClientPtr client)
|
|
|
|
rc = check_change_property(client, stuff->property, stuff->type,
|
|
stuff->format, stuff->mode, stuff->nUnits);
|
|
+ if (rc != Success)
|
|
+ return rc;
|
|
|
|
len = stuff->nUnits;
|
|
if (len > (bytes_to_int32(0xffffffff - sizeof(xChangeDevicePropertyReq))))
|
|
@@ -1141,6 +1143,9 @@ ProcXIChangeProperty(ClientPtr client)
|
|
|
|
rc = check_change_property(client, stuff->property, stuff->type,
|
|
stuff->format, stuff->mode, stuff->num_items);
|
|
+ if (rc != Success)
|
|
+ return rc;
|
|
+
|
|
len = stuff->num_items;
|
|
if (len > bytes_to_int32(0xffffffff - sizeof(xXIChangePropertyReq)))
|
|
return BadLength;
|
|
--
|
|
2.38.1
|
|
|