mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
freerdp3: fix CVE-2026-25941
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25941 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
@@ -0,0 +1,28 @@
|
|||||||
|
From 52f2ae7b2377efc80abb742e452a8565372fd29e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Armin Novak <armin.novak@thincast.com>
|
||||||
|
Date: Mon, 9 Feb 2026 13:18:51 +0100
|
||||||
|
Subject: [PATCH] [channels,rdpgfx] check available stream length
|
||||||
|
|
||||||
|
(cherry picked from commit 2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2)
|
||||||
|
|
||||||
|
CVE: CVE-2026-25941
|
||||||
|
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2]
|
||||||
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||||
|
---
|
||||||
|
channels/rdpgfx/client/rdpgfx_main.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/channels/rdpgfx/client/rdpgfx_main.c b/channels/rdpgfx/client/rdpgfx_main.c
|
||||||
|
index dd59c8b23..c08436b40 100644
|
||||||
|
--- a/channels/rdpgfx/client/rdpgfx_main.c
|
||||||
|
+++ b/channels/rdpgfx/client/rdpgfx_main.c
|
||||||
|
@@ -1371,7 +1371,8 @@ static UINT rdpgfx_recv_wire_to_surface_2_pdu(GENERIC_CHANNEL_CALLBACK* callback
|
||||||
|
Stream_Read_UINT8(s, pdu.pixelFormat); /* pixelFormat (1 byte) */
|
||||||
|
Stream_Read_UINT32(s, pdu.bitmapDataLength); /* bitmapDataLength (4 bytes) */
|
||||||
|
pdu.bitmapData = Stream_Pointer(s);
|
||||||
|
- Stream_Seek(s, pdu.bitmapDataLength);
|
||||||
|
+ if (!Stream_SafeSeek(s, pdu.bitmapDataLength))
|
||||||
|
+ return ERROR_INVALID_DATA;
|
||||||
|
|
||||||
|
DEBUG_RDPGFX(gfx->log,
|
||||||
|
"RecvWireToSurface2Pdu: surfaceId: %" PRIu16 " codecId: %s (0x%04" PRIX16 ") "
|
||||||
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
|
|||||||
file://CVE-2024-32661.patch \
|
file://CVE-2024-32661.patch \
|
||||||
file://CVE-2024-32662.patch \
|
file://CVE-2024-32662.patch \
|
||||||
file://CVE-2025-4478.patch \
|
file://CVE-2025-4478.patch \
|
||||||
|
file://CVE-2026-25941.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|||||||
Reference in New Issue
Block a user