mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
xrdp: patch CVE-2022-23482
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23482
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit 31694c82e3)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
5655e97093
commit
2f2e3c16c0
@@ -0,0 +1,69 @@
|
|||||||
|
From bb9766c79f24a0238644e273bbcdcb2c9d2df1bf Mon Sep 17 00:00:00 2001
|
||||||
|
From: matt335672 <30179339+matt335672@users.noreply.github.com>
|
||||||
|
Date: Wed, 7 Dec 2022 11:05:46 +0000
|
||||||
|
Subject: [PATCH] CVE-2022-23482
|
||||||
|
|
||||||
|
Check minimum length of TS_UD_CS_CORE message
|
||||||
|
|
||||||
|
CVE: CVE-2022-23482
|
||||||
|
Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/bb9766c79f24a0238644e273bbcdcb2c9d2df1bf]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
libxrdp/xrdp_sec.c | 23 ++++++++++++++++++++++-
|
||||||
|
1 file changed, 22 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
|
||||||
|
index 691d4f04f3..084fca6b8d 100644
|
||||||
|
--- a/libxrdp/xrdp_sec.c
|
||||||
|
+++ b/libxrdp/xrdp_sec.c
|
||||||
|
@@ -1946,6 +1946,17 @@ xrdp_sec_send_fastpath(struct xrdp_sec *self, struct stream *s)
|
||||||
|
static int
|
||||||
|
xrdp_sec_process_mcs_data_CS_CORE(struct xrdp_sec *self, struct stream *s)
|
||||||
|
{
|
||||||
|
+#define CS_CORE_MIN_LENGTH \
|
||||||
|
+ (\
|
||||||
|
+ 4 + /* Version */ \
|
||||||
|
+ 2 + 2 + /* desktopWidth + desktopHeight */ \
|
||||||
|
+ 2 + 2 + /* colorDepth + SASSequence */ \
|
||||||
|
+ 4 + /* keyboardLayout */ \
|
||||||
|
+ 4 + 32 + /* clientBuild + clientName */ \
|
||||||
|
+ 4 + 4 + 4 + /* keyboardType + keyboardSubType + keyboardFunctionKey */ \
|
||||||
|
+ 64 + /* imeFileName */ \
|
||||||
|
+ 0)
|
||||||
|
+
|
||||||
|
int version;
|
||||||
|
int colorDepth;
|
||||||
|
int postBeta2ColorDepth;
|
||||||
|
@@ -1956,7 +1967,12 @@ xrdp_sec_process_mcs_data_CS_CORE(struct xrdp_sec *self, struct stream *s)
|
||||||
|
|
||||||
|
UNUSED_VAR(version);
|
||||||
|
|
||||||
|
- /* TS_UD_CS_CORE requiered fields */
|
||||||
|
+ /* TS_UD_CS_CORE required fields */
|
||||||
|
+ if (!s_check_rem_and_log(s, CS_CORE_MIN_LENGTH,
|
||||||
|
+ "Parsing [MS-RDPBCGR] TS_UD_CS_CORE"))
|
||||||
|
+ {
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
in_uint32_le(s, version);
|
||||||
|
in_uint16_le(s, self->rdp_layer->client_info.width);
|
||||||
|
in_uint16_le(s, self->rdp_layer->client_info.height);
|
||||||
|
@@ -1994,6 +2010,10 @@ xrdp_sec_process_mcs_data_CS_CORE(struct xrdp_sec *self, struct stream *s)
|
||||||
|
clientName);
|
||||||
|
|
||||||
|
/* TS_UD_CS_CORE optional fields */
|
||||||
|
+ if (!s_check_rem(s, 2))
|
||||||
|
+ {
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
in_uint16_le(s, postBeta2ColorDepth);
|
||||||
|
LOG_DEVEL(LOG_LEVEL_TRACE, "Received [MS-RDPBCGR] TS_UD_CS_CORE "
|
||||||
|
"<Optional Field> postBeta2ColorDepth %s",
|
||||||
|
@@ -2138,6 +2158,7 @@ xrdp_sec_process_mcs_data_CS_CORE(struct xrdp_sec *self, struct stream *s)
|
||||||
|
"<Optional Field> desktopOrientation (ignored)");
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
+#undef CS_CORE_MIN_LENGTH
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
@@ -23,6 +23,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
|
|||||||
file://CVE-2022-23480-1.patch \
|
file://CVE-2022-23480-1.patch \
|
||||||
file://CVE-2022-23480-2.patch \
|
file://CVE-2022-23480-2.patch \
|
||||||
file://CVE-2022-23481.patch \
|
file://CVE-2022-23481.patch \
|
||||||
|
file://CVE-2022-23482.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
|
SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
|
||||||
|
|||||||
Reference in New Issue
Block a user