mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
xrdp: patch CVE-2022-23468
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468 Pick the patch that mentions this vulnerability explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,34 @@
|
|||||||
|
From 43cf272b1138462c1bdfc48ef7e9142208194382 Mon Sep 17 00:00:00 2001
|
||||||
|
From: matt335672 <30179339+matt335672@users.noreply.github.com>
|
||||||
|
Date: Wed, 7 Dec 2022 09:16:44 +0000
|
||||||
|
Subject: [PATCH] CVE-2022-23468
|
||||||
|
|
||||||
|
Login window - replace g_sprintf() withl g_snprintf() calls
|
||||||
|
|
||||||
|
CVE: CVE-2022-23468
|
||||||
|
Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
xrdp/xrdp_login_wnd.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
|
||||||
|
index 7a3134fd3e..28748676a1 100644
|
||||||
|
--- a/xrdp/xrdp_login_wnd.c
|
||||||
|
+++ b/xrdp/xrdp_login_wnd.c
|
||||||
|
@@ -722,13 +722,13 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
|
||||||
|
if (globals->ls_title[0] == 0)
|
||||||
|
{
|
||||||
|
g_gethostname(buf1, 256);
|
||||||
|
- g_sprintf(buf, "Login to %s", buf1);
|
||||||
|
+ g_snprintf(buf, sizeof(buf), "Login to %s", buf1);
|
||||||
|
set_string(&self->login_window->caption1, buf);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/*self->login_window->caption1 = globals->ls_title[0];*/
|
||||||
|
- g_sprintf(buf, "%s", globals->ls_title);
|
||||||
|
+ g_snprintf(buf, sizeof(buf), "%s", globals->ls_title);
|
||||||
|
set_string(&self->login_window->caption1, buf);
|
||||||
|
}
|
||||||
|
|
||||||
@@ -15,6 +15,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
|
|||||||
file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \
|
file://0001-Added-req_distinguished_name-in-etc-xrdp-openssl.con.patch \
|
||||||
file://0001-Fix-the-compile-error.patch \
|
file://0001-Fix-the-compile-error.patch \
|
||||||
file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
|
file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
|
||||||
|
file://CVE-2022-23468.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[sha256sum] = "f76aa16034689bb8997e56fd554db29ba57caa1bab228a6eda28be4389dedeb9"
|
SRC_URI[sha256sum] = "f76aa16034689bb8997e56fd554db29ba57caa1bab228a6eda28be4389dedeb9"
|
||||||
|
|||||||
Reference in New Issue
Block a user