freerdp: patch CVE-2023-39350

Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39350

Pick the patch that was identified[1] by Debian as the solution.
Note that the NVD report also references a commit as a patch - however
that seems to be incorrect. Although the NVD patch also solves a
vulnerability, it solves a different CVE (CVE-2023-39353), not this.

[1]: https://security-tracker.debian.org/tracker/CVE-2023-39350

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
2026-01-20 13:32:23 +01:00
parent f0e689ff4d
commit 9e67ae18b0
2 changed files with 43 additions and 0 deletions
@@ -0,0 +1,42 @@
From 31ede2c7f721cb32a4a4c7ec843e9ddafb69ba53 Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Fri, 4 Aug 2023 13:55:40 +0200
Subject: [PATCH] fix possible out of bound read
Allows malicious servers to crash FreeRDP based clients
reported by pwn2carr
(cherry picked from commit a51952882f2eb3bbce6b69a7a4f9a54bf1dbb672)
CVE: CVE-2023-39350
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/7ece410ce5b5660b9191e1ccb6835158afa11822]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
libfreerdp/codec/rfx.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/libfreerdp/codec/rfx.c b/libfreerdp/codec/rfx.c
index 38eb1b9a4..bbd7aafa3 100644
--- a/libfreerdp/codec/rfx.c
+++ b/libfreerdp/codec/rfx.c
@@ -1129,8 +1129,18 @@ BOOL rfx_process_message(RFX_CONTEXT* context, const BYTE* data, UINT32 length,
}
}
- Stream_StaticInit(&subStream, Stream_Pointer(s), blockLen - (6 + extraBlockLen));
- Stream_Seek(s, blockLen - (6 + extraBlockLen));
+ const size_t blockLenNoHeader = blockLen - 6;
+ if (blockLenNoHeader < extraBlockLen)
+ {
+ WLog_Print(context->priv->log, WLOG_ERROR,
+ "blockLen too small(%" PRIu32 "), must be >= 6 + %" PRIu16, blockLen,
+ extraBlockLen);
+ return FALSE;
+ }
+
+ const size_t subStreamLen = blockLenNoHeader - extraBlockLen;
+ Stream_StaticInit(&subStream, Stream_Pointer(s), subStreamLen);
+ Stream_Seek(s, subStreamLen);
switch (blockType)
{
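Review bot: At `const size_t blockLenNoHeader = blockLen - 6;` the subtraction itself is still unguarded in the lines shown. blockLen is logged with PRIu32, so it is an unsigned 32-bit value. If it can be below 6 at this point, `blockLen - 6` wraps to a very large number, the new `blockLenNoHeader < extraBlockLen` test passes, and subStreamLen is oversized again, which is the out-of-bounds read the subject line says this fixes. Please confirm that the stable-2.0 source this patch applies to rejects blockLen < 6 earlier in rfx_process_message, or add that check ahead of the subtraction. The error text already says "must be >= 6 + ...", so a single guard covering both conditions would match the message.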
@@ -21,6 +21,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
file://CVE-2022-24883.patch \
file://CVE-2022-39282.patch \
file://CVE-2022-39320.patch \
file://CVE-2023-39350.patch \
"
S = "${WORKDIR}/git"
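Review bot: At the new `file://CVE-2023-39350.patch \` entry, the commit message notes that the NVD-referenced commit actually fixes CVE-2023-39353, but the SRC_URI context visible here shows no entry for that CVE. If the recipe does not already carry it elsewhere in the list, a follow-up backport would be worth tracking, since the message itself identifies that commit as fixing a real vulnerability.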