mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
xrdp: patch CVE-2022-23477
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit a6efc5b285)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
committed by
Anuj Mittal
parent
c7570405e8
commit
72c3d49f78
@@ -0,0 +1,38 @@
|
|||||||
|
From d49f269af82be5f14b193d4edfcb63b547a16ff4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: matt335672 <30179339+matt335672@users.noreply.github.com>
|
||||||
|
Date: Tue, 6 Dec 2022 11:31:31 +0000
|
||||||
|
Subject: [PATCH] CVE-2022-23477
|
||||||
|
|
||||||
|
Prevent buffer overflow for oversized audio format from client
|
||||||
|
|
||||||
|
CVE: CVE-2022-23477
|
||||||
|
Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/d49f269af82be5f14b193d4edfcb63b547a16ff4]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
sesman/chansrv/audin.c | 7 ++++---
|
||||||
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/sesman/chansrv/audin.c b/sesman/chansrv/audin.c
|
||||||
|
index cd802fa519..36a8027a57 100644
|
||||||
|
--- a/sesman/chansrv/audin.c
|
||||||
|
+++ b/sesman/chansrv/audin.c
|
||||||
|
@@ -181,15 +181,16 @@ audin_send_open(int chan_id)
|
||||||
|
int error;
|
||||||
|
int bytes;
|
||||||
|
struct stream *s;
|
||||||
|
- struct xr_wave_format_ex *wf;
|
||||||
|
+ struct xr_wave_format_ex *wf = g_client_formats[g_current_format];
|
||||||
|
|
||||||
|
LOG_DEVEL(LOG_LEVEL_INFO, "audin_send_open:");
|
||||||
|
make_stream(s);
|
||||||
|
- init_stream(s, 8192);
|
||||||
|
+ /* wf->cbSize was checked when the format was received */
|
||||||
|
+ init_stream(s, wf->cbSize + 64);
|
||||||
|
+
|
||||||
|
out_uint8(s, MSG_SNDIN_OPEN);
|
||||||
|
out_uint32_le(s, 2048); /* FramesPerPacket */
|
||||||
|
out_uint32_le(s, g_current_format); /* initialFormat */
|
||||||
|
- wf = g_client_formats[g_current_format];
|
||||||
|
out_uint16_le(s, wf->wFormatTag);
|
||||||
|
out_uint16_le(s, wf->nChannels);
|
||||||
|
out_uint32_le(s, wf->nSamplesPerSec);
|
||||||
@@ -17,6 +17,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
|
|||||||
file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
|
file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
|
||||||
file://0001-mark-count-with-unused-attribute.patch \
|
file://0001-mark-count-with-unused-attribute.patch \
|
||||||
file://CVE-2022-23468.patch \
|
file://CVE-2022-23468.patch \
|
||||||
|
file://CVE-2022-23477.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
|
SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
|
||||||
|
|||||||
Reference in New Issue
Block a user