freerdp3: patch CVE-2024-32661

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32661 Pick the patch that is mentioned in the above vulnerability report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2026-06-14 05:49:57 +00:00 · 2025-10-11 20:13:38 +02:00
parent 6acb319466
commit d577aca11c
2 changed files with 29 additions and 0 deletions
@@ -0,0 +1,28 @@
+From baf5543fe8f2db56edc26c8ad93e20696b905da8 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sun, 21 Apr 2024 13:56:13 +0200
+Subject: [PATCH] fix missing check in rdp_write_logon_info_v1
+
+CVE: CVE-2024-32661
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfreerdp/core/info.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c
+index 7d6eec137..3395e4d2e 100644
+--- a/libfreerdp/core/info.c
+++ b/libfreerdp/core/info.c
+@@ -1398,6 +1398,10 @@ static BOOL rdp_write_logon_info_v1(wStream* s, logon_info* info)
+ 		return FALSE;
+ 
+ 	/* domain */
+	WINPR_ASSERT(info);
+	if (!info->domain || !info->username)
+		return FALSE;
+
+ 	len = strnlen(info->domain, charLen + 1);
+ 	if (len > charLen)
+ 		return FALSE;
@@ -17,6 +17,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
           file://CVE-2024-32658.patch \
           file://CVE-2024-32659.patch \
           file://CVE-2024-32660.patch \
+           file://CVE-2024-32661.patch \
           "

 S = "${WORKDIR}/git"