CVS commit: [netbsd-9] xsrc/external/mit

Martin Husemann Tue, 14 Feb 2023 08:01:14 -0800

Module Name:    xsrc
Committed By:   martin
Date:           Tue Feb 14 16:01:05 UTC 2023


Modified Files:
        xsrc/external/mit/xorg-server.old/dist/Xi [netbsd-9]: exevents.c
        xsrc/external/mit/xorg-server/dist/Xi [netbsd-9]: exevents.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1592):

        external/mit/xorg-server.old/dist/Xi/exevents.c: revision 1.2
        external/mit/xorg-server/dist/Xi/exevents.c     (apply patch)

pullover fix from xorg-server 21.1.7:
  
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec

Xi: fix potential use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer's avatarPeter Hutterer 
<peter.hutterer%who-t.net@localhost>


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.4.1 \
    xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c
cvs rdiff -u -r1.1.1.9 -r1.1.1.9.2.1 \
    xsrc/external/mit/xorg-server/dist/Xi/exevents.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c
diff -u xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1 xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1.4.1
--- xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c:1.1.1.1	Thu Jun  9 09:07:56 2016
+++ xsrc/external/mit/xorg-server.old/dist/Xi/exevents.c	Tue Feb 14 16:01:05 2023
@@ -586,8 +586,10 @@ DeepCopyPointerClasses(DeviceIntPtr from
             }
             memcpy(to->button->xkb_acts, from->button->xkb_acts,
                     sizeof(XkbAction));
-        } else
+        } else {
             free(to->button->xkb_acts);
+            to->button->xkb_acts = NULL;
+	}
 
          memcpy(to->button->labels, from->button->labels,
                 from->button->numButtons * sizeof(Atom));

Index: xsrc/external/mit/xorg-server/dist/Xi/exevents.c
diff -u xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.9 xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.9.2.1
--- xsrc/external/mit/xorg-server/dist/Xi/exevents.c:1.1.1.9	Mon Dec 31 09:36:08 2018
+++ xsrc/external/mit/xorg-server/dist/Xi/exevents.c	Tue Feb 14 16:01:05 2023
@@ -574,9 +574,10 @@ DeepCopyPointerClasses(DeviceIntPtr from
             }
             memcpy(to->button->xkb_acts, from->button->xkb_acts,
                    sizeof(XkbAction));
-        }
-        else
+        } else {
             free(to->button->xkb_acts);
+            to->button->xkb_acts = NULL;
+	}
 
         memcpy(to->button->labels, from->button->labels,
                from->button->numButtons * sizeof(Atom));

CVS commit: [netbsd-9] xsrc/external/mit

Reply via email to