freerdp3: patch CVE-2024-32662

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32662

Pick the patch that is mentioned in the above vulnerability report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

meta-oe/recipes-support/freerdp/freerdp3/CVE-2024-32662.patch

@@ -0,0 +1,28 @@
+From 950d2f039021c6fd8d476c08f10269c61bd1701e Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Mon, 22 Apr 2024 09:27:27 +0200
+Subject: [PATCH] fix length of redirection strings
+
+length field is in bytes, when converting from UCS-2 use size in WCHAR
+
+CVE: CVE-2024-32662
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfreerdp/core/redirection.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libfreerdp/core/redirection.c b/libfreerdp/core/redirection.c
+index 8538a9056..5343a071c 100644
+--- a/libfreerdp/core/redirection.c
++++ b/libfreerdp/core/redirection.c
+@@ -243,7 +243,7 @@ static BOOL rdp_redirection_read_base64_wchar(UINT32 flag, wStream* s, UINT32* p
+ 	const WCHAR* wchar = (const WCHAR*)ptr;
+ 
+ 	size_t utf8_len = 0;
+-	char* utf8 = ConvertWCharNToUtf8Alloc(wchar, *pLength, &utf8_len);
++	char* utf8 = ConvertWCharNToUtf8Alloc(wchar, *pLength / sizeof(WCHAR), &utf8_len);
+ 	if (!utf8)
+ 		goto fail;
+ 

meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb

@@ -18,6 +18,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
            file://CVE-2024-32659.patch \
            file://CVE-2024-32660.patch \
            file://CVE-2024-32661.patch \
+           file://CVE-2024-32662.patch \
            "
 
 S = "${WORKDIR}/git"