xrdp: patch CVE-2023-40184

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40184 Pick the patch that is associated with the github advisory[1], which is a backported version of the patch that is referenced by the nvd report. [1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-06-14 05:49:57 +00:00 · 2025-12-04 08:56:34 +01:00
parent f81041bb39
commit 259e4f9266
2 changed files with 74 additions and 0 deletions
@@ -0,0 +1,73 @@
+From 322d11b431e4773f77aaeb764571a3a8d60f9fca Mon Sep 17 00:00:00 2001
+From: matt335672 <30179339+matt335672@users.noreply.github.com>
+Date: Sat, 19 Aug 2023 13:26:44 +0100
+Subject: [PATCH] [v0.9] Check auth_start_session() result
+
+CVE: CVE-2023-40184
+Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/8c5b7cdff3929dc59c5f13e33cec839ed45d1c34]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ sesman/session.c         |  7 ++++++-
+ sesman/verify_user_pam.c | 24 ++++++++++++++++++++++--
+ 2 files changed, 28 insertions(+), 3 deletions(-)
+
+diff --git a/sesman/session.c b/sesman/session.c
+index 441f8d3a60..d352f5e859 100644
+--- a/sesman/session.c
+++ b/sesman/session.c
+@@ -526,7 +526,12 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
+         g_delete_wait_obj(g_sigchld_event);
+         g_delete_wait_obj(g_term_event);
+ 
+-        auth_start_session(data, display);
+        if (auth_start_session(data, display) != 0)
+        {
+            // Errors are logged by the auth module, as they are
+            // specific to that module
+            g_exit(1);
+        }
+         sesman_close_all();
+         g_sprintf(geometry, "%dx%d", s->width, s->height);
+         g_sprintf(depth, "%d", s->bpp);
+diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c
+index a34d83cd7d..ed17397fc3 100644
+--- a/sesman/verify_user_pam.c
+++ b/sesman/verify_user_pam.c
+@@ -316,8 +316,8 @@ auth_userpass(const char *user, const char *pass, int *errorcode)
+ 
+ /******************************************************************************/
+ /* returns error */
+-int
+-auth_start_session(long in_val, int in_display)
+static int
+auth_start_session_private(long in_val, int in_display)
+ {
+     struct t_auth_info *auth_info;
+     int error;
+@@ -357,6 +357,26 @@ auth_start_session(long in_val, int in_display)
+     return 0;
+ }
+ 
+/******************************************************************************/
+/**
+ * Main routine to start a session
+ *
+ * Calls the private routine and logs an additional error if the private
+ * routine fails
+ */
+int
+auth_start_session(long in_val, int in_display)
+{
+    int result = auth_start_session_private(in_val, in_display);
+    if (result != 0)
+    {
+        LOG(LOG_LEVEL_ERROR,
+            "Can't start PAM session. See PAM logging for more info");
+    }
+
+    return result;
+}
+
+ /******************************************************************************/
+ /* returns error */
+ int
@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
           file://CVE-2022-23483.patch \
           file://CVE-2022-23484.patch \
           file://CVE-2022-23493.patch \
+           file://CVE-2023-40184.patch \
           "

 SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"