mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
freerdp: patch CVE-2023-39353
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39353 Pick the patch that was identified[1] by Debian as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2023-39353 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,53 @@
|
|||||||
|
From 944994cb41d62ea893bd8bdaf436e97f42965de0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Armin Novak <anovak@thincast.com>
|
||||||
|
Date: Sat, 5 Aug 2023 08:57:28 +0200
|
||||||
|
Subject: [PATCH] check indices are within range
|
||||||
|
|
||||||
|
reported by pwn2carr
|
||||||
|
|
||||||
|
CVE: CVE-2023-39353
|
||||||
|
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
libfreerdp/codec/rfx.c | 25 ++++++++++++++++++++++++-
|
||||||
|
1 file changed, 24 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/libfreerdp/codec/rfx.c b/libfreerdp/codec/rfx.c
|
||||||
|
index 8c65e7508..998a7aa56 100644
|
||||||
|
--- a/libfreerdp/codec/rfx.c
|
||||||
|
+++ b/libfreerdp/codec/rfx.c
|
||||||
|
@@ -932,10 +932,33 @@ static BOOL rfx_process_message_tileset(RFX_CONTEXT* context, RFX_MESSAGE* messa
|
||||||
|
rc = FALSE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
Stream_Read_UINT8(&sub, tile->quantIdxY); /* quantIdxY (1 byte) */
|
||||||
|
Stream_Read_UINT8(&sub, tile->quantIdxCb); /* quantIdxCb (1 byte) */
|
||||||
|
Stream_Read_UINT8(&sub, tile->quantIdxCr); /* quantIdxCr (1 byte) */
|
||||||
|
+ if (tile->quantIdxY >= context->numQuant)
|
||||||
|
+ {
|
||||||
|
+ WLog_Print(context->priv->log, WLOG_ERROR,
|
||||||
|
+ "quantIdxY %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxY,
|
||||||
|
+ context->numQuant);
|
||||||
|
+ rc = FALSE;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ if (tile->quantIdxCb >= context->numQuant)
|
||||||
|
+ {
|
||||||
|
+ WLog_Print(context->priv->log, WLOG_ERROR,
|
||||||
|
+ "quantIdxCb %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxCb,
|
||||||
|
+ context->numQuant);
|
||||||
|
+ rc = FALSE;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ if (tile->quantIdxCr >= context->numQuant)
|
||||||
|
+ {
|
||||||
|
+ WLog_Print(context->priv->log, WLOG_ERROR,
|
||||||
|
+ "quantIdxCr %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxCr,
|
||||||
|
+ context->numQuant);
|
||||||
|
+ rc = FALSE;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
Stream_Read_UINT16(&sub, tile->xIdx); /* xIdx (2 bytes) */
|
||||||
|
Stream_Read_UINT16(&sub, tile->yIdx); /* yIdx (2 bytes) */
|
||||||
|
Stream_Read_UINT16(&sub, tile->YLen); /* YLen (2 bytes) */
|
||||||
@@ -24,6 +24,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
|
|||||||
file://CVE-2023-39350.patch \
|
file://CVE-2023-39350.patch \
|
||||||
file://CVE-2023-39351.patch \
|
file://CVE-2023-39351.patch \
|
||||||
file://CVE-2023-39352.patch \
|
file://CVE-2023-39352.patch \
|
||||||
|
file://CVE-2023-39353.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|||||||
Reference in New Issue
Block a user