mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
freerdp: patch CVE-2022-24883
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24883 Pick the patch that is mentioned in teh NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,102 @@
|
|||||||
|
From 3912ccfe5bac0db647b9e1c26b50e75055aee4b9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: akallabeth <akallabeth@posteo.net>
|
||||||
|
Date: Fri, 22 Apr 2022 14:42:11 +0200
|
||||||
|
Subject: [PATCH] Cleaned up ntlm_fetch_ntlm_v2_hash
|
||||||
|
|
||||||
|
(cherry picked from commit 4661492e5a617199457c8074bad22f766a116cdc)
|
||||||
|
|
||||||
|
CVE: CVE-2022-24883
|
||||||
|
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
winpr/libwinpr/sspi/NTLM/ntlm_compute.c | 60 ++++++++++---------------
|
||||||
|
1 file changed, 24 insertions(+), 36 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
|
||||||
|
index dbd7f7fb0..48c07d5c1 100644
|
||||||
|
--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
|
||||||
|
+++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
|
||||||
|
@@ -206,59 +206,47 @@ void ntlm_generate_timestamp(NTLM_CONTEXT* context)
|
||||||
|
ntlm_current_time(context->Timestamp);
|
||||||
|
}
|
||||||
|
|
||||||
|
-static int ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
|
||||||
|
+static BOOL ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
|
||||||
|
{
|
||||||
|
- WINPR_SAM* sam;
|
||||||
|
- WINPR_SAM_ENTRY* entry;
|
||||||
|
+ BOOL rc = FALSE;
|
||||||
|
+ WINPR_SAM* sam = NULL;
|
||||||
|
+ WINPR_SAM_ENTRY* entry = NULL;
|
||||||
|
SSPI_CREDENTIALS* credentials = context->credentials;
|
||||||
|
sam = SamOpen(context->SamFile, TRUE);
|
||||||
|
|
||||||
|
if (!sam)
|
||||||
|
- return -1;
|
||||||
|
+ goto fail;
|
||||||
|
|
||||||
|
entry = SamLookupUserW(
|
||||||
|
- sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * 2,
|
||||||
|
- (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * 2);
|
||||||
|
+ sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * sizeof(WCHAR),
|
||||||
|
+ (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * sizeof(WCHAR));
|
||||||
|
|
||||||
|
- if (entry)
|
||||||
|
+ if (!entry)
|
||||||
|
{
|
||||||
|
-#ifdef WITH_DEBUG_NTLM
|
||||||
|
- WLog_DBG(TAG, "NTLM Hash:");
|
||||||
|
- winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
|
||||||
|
-#endif
|
||||||
|
- NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
|
||||||
|
- credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
|
||||||
|
- credentials->identity.DomainLength * 2, (BYTE*)hash);
|
||||||
|
- SamFreeEntry(sam, entry);
|
||||||
|
- SamClose(sam);
|
||||||
|
- return 1;
|
||||||
|
+ entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
|
||||||
|
+ credentials->identity.UserLength * sizeof(WCHAR), NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
- entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
|
||||||
|
- credentials->identity.UserLength * 2, NULL, 0);
|
||||||
|
-
|
||||||
|
- if (entry)
|
||||||
|
- {
|
||||||
|
+ if (!entry)
|
||||||
|
+ goto fail;
|
||||||
|
#ifdef WITH_DEBUG_NTLM
|
||||||
|
WLog_DBG(TAG, "NTLM Hash:");
|
||||||
|
winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
|
||||||
|
#endif
|
||||||
|
- NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
|
||||||
|
- credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
|
||||||
|
- credentials->identity.DomainLength * 2, (BYTE*)hash);
|
||||||
|
- SamFreeEntry(sam, entry);
|
||||||
|
- SamClose(sam);
|
||||||
|
- return 1;
|
||||||
|
- }
|
||||||
|
- else
|
||||||
|
- {
|
||||||
|
- SamClose(sam);
|
||||||
|
- WLog_ERR(TAG, "Error: Could not find user in SAM database");
|
||||||
|
- return 0;
|
||||||
|
- }
|
||||||
|
+ NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
|
||||||
|
+ credentials->identity.UserLength * sizeof(WCHAR),
|
||||||
|
+ (LPWSTR)credentials->identity.Domain,
|
||||||
|
+ credentials->identity.DomainLength * sizeof(WCHAR), (BYTE*)hash);
|
||||||
|
+
|
||||||
|
+ rc = TRUE;
|
||||||
|
|
||||||
|
+fail:
|
||||||
|
+ SamFreeEntry(sam, entry);
|
||||||
|
SamClose(sam);
|
||||||
|
- return 1;
|
||||||
|
+ if (!rc)
|
||||||
|
+ WLog_ERR(TAG, "Error: Could not find user in SAM database");
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int ntlm_convert_password_hash(NTLM_CONTEXT* context, BYTE* hash)
|
||||||
@@ -15,10 +15,11 @@ PKGV = "${GITPKGVTAG}"
|
|||||||
|
|
||||||
SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1"
|
SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1"
|
||||||
SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
|
SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
|
||||||
file://winpr-makecert-Build-with-install-RPATH.patch \
|
file://winpr-makecert-Build-with-install-RPATH.patch \
|
||||||
file://CVE-2022-39316.patch \
|
file://CVE-2022-39316.patch \
|
||||||
file://CVE-2022-39318-39319.patch \
|
file://CVE-2022-39318-39319.patch \
|
||||||
"
|
file://CVE-2022-24883.patch \
|
||||||
|
"
|
||||||
|
|
||||||
S = "${WORKDIR}/git"
|
S = "${WORKDIR}/git"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user