mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

freerdp: patch CVE-2023-39353

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39353

Pick the patch that was identified[1] by Debian as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2023-39353
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-01-21 08:04:37 +01:00
parent c793926ade
commit c9affa4bd5
2 changed files with 54 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39353.patch
+53
View File
@@ -0,0 +1,53 @@
From 944994cb41d62ea893bd8bdaf436e97f42965de0 Mon Sep 17 00:00:00 2001
From: Armin Novak <anovak@thincast.com>
Date: Sat, 5 Aug 2023 08:57:28 +0200
Subject: [PATCH] check indices are within range
reported by pwn2carr
CVE: CVE-2023-39353
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
libfreerdp/codec/rfx.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/libfreerdp/codec/rfx.c b/libfreerdp/codec/rfx.c
index 8c65e7508..998a7aa56 100644
--- a/libfreerdp/codec/rfx.c
+++ b/libfreerdp/codec/rfx.c
@@ -932,10 +932,33 @@ static BOOL rfx_process_message_tileset(RFX_CONTEXT* context, RFX_MESSAGE* messa
rc = FALSE;
break;
}
-
Stream_Read_UINT8(&sub, tile->quantIdxY); /* quantIdxY (1 byte) */
Stream_Read_UINT8(&sub, tile->quantIdxCb); /* quantIdxCb (1 byte) */
Stream_Read_UINT8(&sub, tile->quantIdxCr); /* quantIdxCr (1 byte) */
+ if (tile->quantIdxY >= context->numQuant)
+ {
+ WLog_Print(context->priv->log, WLOG_ERROR,
+ "quantIdxY %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxY,
+ context->numQuant);
+ rc = FALSE;
+ break;
+ }
+ if (tile->quantIdxCb >= context->numQuant)
+ {
+ WLog_Print(context->priv->log, WLOG_ERROR,
+ "quantIdxCb %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxCb,
+ context->numQuant);
+ rc = FALSE;
+ break;
+ }
+ if (tile->quantIdxCr >= context->numQuant)
+ {
+ WLog_Print(context->priv->log, WLOG_ERROR,
+ "quantIdxCr %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxCr,
+ context->numQuant);
+ rc = FALSE;
+ break;
+ }
Stream_Read_UINT16(&sub, tile->xIdx); /* xIdx (2 bytes) */
Stream_Read_UINT16(&sub, tile->yIdx); /* yIdx (2 bytes) */
Stream_Read_UINT16(&sub, tile->YLen); /* YLen (2 bytes) */
meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+1
View File
@@ -24,6 +24,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
file://CVE-2023-39350.patch \
file://CVE-2023-39351.patch \
file://CVE-2023-39352.patch \
file://CVE-2023-39353.patch \
"
S = "${WORKDIR}/git"