XLibre/xserver
1
1
Fork 0
mirror of https://github.com/X11Libre/xserver.git synced 2026-03-24 10:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a6c0d7b142e762a6b9934a23e060ea91ff5afcea
xserver/Xi
History
Peter Hutterer a6c0d7b142 Xi: disallow passive grabs with a detail > 255 
The XKB protocol effectively prevents us from ever using keycodes above
255. For buttons it's theoretically possible but realistically too niche
to worry about. For all other passive grabs, the detail must be zero
anyway.

This fixes an OOB write:

ProcXIPassiveUngrabDevice() calls DeletePassiveGrabFromList with a
temporary grab struct which contains tempGrab->detail.exact = stuff->detail.
For matching existing grabs, DeleteDetailFromMask is called with the
stuff->detail value. This function creates a new mask with the one bit
representing stuff->detail cleared.

However, the array size for the new mask is 8 * sizeof(CARD32) bits,
thus any detail above 255 results in an OOB array write.

CVE-2022-46341, ZDI-CAN 19381

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
(cherry picked from commit 51eb63b0ee)
2022-12-14 11:24:39 +10:00
..
allowev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
allowev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgdctl.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgdctl.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgfctl.c
Fix XChangeFeedbackControl() request underflow
2021-04-13 14:28:13 +02:00
chgfctl.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgkbd.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgkbd.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgkmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgkmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgprop.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgprop.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
chgptr.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
chgptr.h
Xi: Remove redundant declaration.
2012-05-14 13:17:30 +01:00
closedev.c
Fix spelling/wording issues
2020-07-05 13:07:33 -07:00
closedev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
devbell.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
devbell.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
exevents.c
dix: Correctly save replayed event into GrabInfoRec
2022-07-01 15:15:15 +03:00
exglobals.h
xinput: Remove PropagateMask
2020-03-30 21:48:11 +00:00
extinit.c
xi: Implement conversions from internal to Xi2 gesture event structs
2021-05-30 13:26:37 +03:00
getbmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getbmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getdctl.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getdctl.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getfctl.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getfctl.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getfocus.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getfocus.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getkmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getkmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getmmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getmmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getprop.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getprop.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getselev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getselev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
getvers.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
getvers.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
grabdev.c
Fix spelling/wording issues
2020-07-05 13:07:33 -07:00
grabdev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
grabdevb.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
grabdevb.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
grabdevk.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
grabdevk.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
gtmotion.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
gtmotion.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
listdev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
listdev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
Makefile.am
Build Xi/stubs.c once as a convenience library, rather than once for each DDX which wants to use it
2014-03-27 14:09:43 +00:00
meson.build
Add a Meson build system alongside autotools.
2017-04-26 15:25:27 -07:00
opendev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
opendev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
queryst.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
queryst.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
selectev.c
xinput: Remove ExtExclusiveMasks
2020-03-30 21:48:11 +00:00
selectev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
sendexev.c
Xi: Do not try to swap GenericEvent.
2017-06-19 11:58:56 +10:00
sendexev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setbmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setbmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setdval.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setdval.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setfocus.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setfocus.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setmmap.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setmmap.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
setmode.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
setmode.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
stubs.c
ddx: add new call to purge input devices that weren't added
2016-10-26 15:35:07 +10:00
ungrdev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
ungrdev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
ungrdevb.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
ungrdevb.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
ungrdevk.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
ungrdevk.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiallowev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xiallowev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xibarriers.c
Xi: lock the input thread for any pointer barrier list manipulation
2019-02-14 09:10:58 +10:00
xibarriers.h
Xi: free barrier code at reset time
2013-05-07 09:41:19 +10:00
xichangecursor.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xichangecursor.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xichangehierarchy.c
Fix XIChangeHierarchy() integer underflow
2020-08-25 17:01:29 +02:00
xichangehierarchy.h
xinput: Silence a warning from gcc 11
2021-08-17 16:02:44 -04:00
xigetclientpointer.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xigetclientpointer.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xigrabdev.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xigrabdev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xipassivegrab.c
Xi: disallow passive grabs with a detail > 255
2022-12-14 11:24:39 +10:00
xipassivegrab.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiproperty.c
Fix spelling/wording issues
2020-07-05 13:07:33 -07:00
xiproperty.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiquerydevice.c
Xi: Work around broken libxcb that doesn't ignore unknown device classes
2021-05-30 13:46:59 +03:00
xiquerydevice.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiquerypointer.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xiquerypointer.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiqueryversion.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xiqueryversion.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiselectev.c
xi: Implement selection logic for gesture event types
2021-05-30 13:26:33 +03:00
xiselectev.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xisetclientpointer.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xisetclientpointer.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xisetdevfocus.c
dispatch: Mark swapped dispatch as _X_COLD
2017-03-01 10:16:20 -05:00
xisetdevfocus.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00
xiwarppointer.c
Xi: Use WarpPointerProc hook on XI pointer warping implementation
2017-06-07 14:49:04 +10:00
xiwarppointer.h
Introduce a consistent coding style
2012-03-21 13:54:42 -07:00