mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

xrdp: patch CVE-2025-68670

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68670

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Ankur Tyagi
2026-02-25 12:59:31 +13:00
committed by Anuj Mittal
parent 24abd61c54
commit 9783e418db
2 changed files with 79 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/xrdp/xrdp/CVE-2025-68670.patch
+78
View File
@@ -0,0 +1,78 @@
From 2fbc0cde4383a13089ccaddfb7ec60b2f740aab2 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Thu, 18 Dec 2025 11:37:30 +0000
Subject: [PATCH] CVE-2025-68670: Buffer overflow parsing domain
A potential overflow in xrdp_wm_parse_domain_information() is
addressed
CVE: CVE-2025-68670
Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/dd4b56c9873bd246ba3d815522b27d90c99fcc30]
(cherry picked from commit dd4b56c9873bd246ba3d815522b27d90c99fcc30)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
xrdp/xrdp_login_wnd.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
index 28748676..1fe9ea50 100644
--- a/xrdp/xrdp_login_wnd.c
+++ b/xrdp/xrdp_login_wnd.c
@@ -277,7 +277,8 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd)
*/
static int
xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
- int decode, char *resultBuffer)
+ int decode,
+ char *resultBuffer, unsigned int resultSize)
{
int ret;
int pos;
@@ -287,8 +288,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
/* If the first char in the domain name is '_' we use the domain
name as IP*/
ret = 0; /* default return value */
- /* resultBuffer assumed to be 256 chars */
- g_memset(resultBuffer, 0, 256);
+ g_memset(resultBuffer, 0, resultSize);
if (originalDomainInfo[0] == '_')
{
/* we try to locate a number indicating what combobox index the user
@@ -298,7 +298,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
* Invalid chars are ignored in microsoft client therefore we use '_'
* again. this sec '__' contains the split for index.*/
pos = g_pos(&originalDomainInfo[1], "__");
- if (pos > 0)
+ if (pos > 0 && (unsigned int)pos < resultSize)
{
/* an index is found we try to use it */
LOG(LOG_LEVEL_DEBUG, "domain contains index char __");
@@ -325,7 +325,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
else
{
LOG(LOG_LEVEL_DEBUG, "domain does not contain _");
- g_strncpy(resultBuffer, &originalDomainInfo[1], 255);
+ g_strncpy(resultBuffer, &originalDomainInfo[1], resultSize - 1);
}
}
return ret;
@@ -450,7 +450,8 @@ xrdp_wm_show_edits(struct xrdp_wm *self, struct xrdp_bitmap *combo)
{
xrdp_wm_parse_domain_information(
self->session->client_info->domain,
- combo->data_list->count, 0, resultIP);
+ combo->data_list->count, 0,
+ resultIP, sizeof(resultIP));
g_strncpy(b->caption1, resultIP, 255);
b->edit_pos = g_mbstowcs(0, b->caption1, 0);
}
@@ -875,7 +876,8 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
combo->item_index = xrdp_wm_parse_domain_information(
self->session->client_info->domain,
combo->data_list->count, 1,
- resultIP /* just a dummy place holder, we ignore */ );
+ resultIP,/* just a dummy place holder, we ignore */
+ sizeof(resultIP));
xrdp_wm_show_edits(self, combo);
return 0;
meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
+1
View File
@@ -29,6 +29,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
file://CVE-2022-23493.patch \
file://CVE-2023-40184.patch \
file://CVE-2023-42822.patch \
file://CVE-2025-68670.patch \
"
SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"