freerdp3: fix CVE-2026-23948

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23948

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Ankur Tyagi
2026-04-09 19:09:01 +12:00
committed by Anuj Mittal
parent 21af1f7e13
commit a0221753e4
2 changed files with 56 additions and 0 deletions
@@ -0,0 +1,55 @@
From b5693e6cc688e7cd36016f53392998b1945ff7df Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Mon, 19 Jan 2026 20:11:24 +0100
Subject: [PATCH] [core,info] fix missing NULL check
CVE: CVE-2026-23948
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/4d44e3c097656a8b9ec696353647b0888ca45860]
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
libfreerdp/core/info.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c
index 3395e4d2e..81e59a060 100644
--- a/libfreerdp/core/info.c
+++ b/libfreerdp/core/info.c
@@ -1424,7 +1424,7 @@ static BOOL rdp_write_logon_info_v1(wStream* s, logon_info* info)
return TRUE;
}
-static BOOL rdp_write_logon_info_v2(wStream* s, logon_info* info)
+static BOOL rdp_write_logon_info_v2(wStream* s, const logon_info* info)
{
size_t domainLen = 0;
size_t usernameLen = 0;
@@ -1439,11 +1439,13 @@ static BOOL rdp_write_logon_info_v2(wStream* s, logon_info* info)
*/
Stream_Write_UINT32(s, logonInfoV2Size);
Stream_Write_UINT32(s, info->sessionId);
- domainLen = strnlen(info->domain, UINT32_MAX);
+ if (info->domain)
+ domainLen = strnlen(info->domain, UINT32_MAX);
if (domainLen >= UINT32_MAX / sizeof(WCHAR))
return FALSE;
Stream_Write_UINT32(s, (UINT32)(domainLen + 1) * sizeof(WCHAR));
- usernameLen = strnlen(info->username, UINT32_MAX);
+ if (info->username)
+ usernameLen = strnlen(info->username, UINT32_MAX);
if (usernameLen >= UINT32_MAX / sizeof(WCHAR))
return FALSE;
Stream_Write_UINT32(s, (UINT32)(usernameLen + 1) * sizeof(WCHAR));
@@ -1510,10 +1512,11 @@ static BOOL rdp_write_logon_info_ex(wStream* s, logon_info_ex* info)
BOOL rdp_send_save_session_info(rdpContext* context, UINT32 type, void* data)
{
- wStream* s = NULL;
BOOL status = 0;
+
+ WINPR_ASSERT(context);
rdpRdp* rdp = context->rdp;
- s = rdp_data_pdu_init(rdp);
+ wStream* s = rdp_data_pdu_init(rdp);
if (!s)
return FALSE;
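Review bot: The new `if (info->domain)` and `if (info->username)` guards in rdp_write_logon_info_v2 protect only the two strnlen() calls. The code that later serialises both strings is outside this hunk, so please confirm it accepts a NULL pointer with length 0; otherwise the NULL dereference this backport addresses only moves further down the function. With a NULL field the size written is still `(0 + 1) * sizeof(WCHAR)`, so the string writer must emit exactly one terminating WCHAR to match it. In rdp_send_save_session_info, `WINPR_ASSERT(context);` is an assertion, not a runtime check: if this recipe's build configuration compiles assertions out, a NULL context still reaches `context->rdp`, and `if (!context) return FALSE;` would keep the guard in every build. Both function bodies continue beyond the lines shown here.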
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
file://CVE-2025-4478.patch \
file://CVE-2026-25941.patch \
file://CVE-2026-33952.patch \
file://CVE-2026-23948.patch \
"
S = "${WORKDIR}/git"