freerdp: patch CVE-2022-39320

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39320 Take the patch that Debian has determined[1] to solve the issue. [1]: https://security-tracker.debian.org/tracker/CVE-2022-39320 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-14 05:49:57 +00:00 · 2026-01-20 07:48:02 +01:00
parent 8cea479b35
commit f0e689ff4d
2 changed files with 34 additions and 0 deletions
@@ -0,0 +1,33 @@
+From e9bbd8de33f8640abbd578fb511180853c4dccba Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 13 Oct 2022 08:36:26 +0200
+Subject: [PATCH] Ensure urb_create_iocompletion uses size_t for calculation
+
+(cherry picked from commit de7e0f062ee53d00b4a966a43855a716e3478150)
+
+CVE: CVE-2022-39320
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/68c6a8c1878b5294aecb04d5e27531a720b3793f]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ channels/urbdrc/client/data_transfer.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c
+index 9a44e6e09..82fdc729e 100644
+--- a/channels/urbdrc/client/data_transfer.c
+++ b/channels/urbdrc/client/data_transfer.c
+@@ -97,7 +97,13 @@ static wStream* urb_create_iocompletion(UINT32 InterfaceField, UINT32 MessageId,
+                                         UINT32 OutputBufferSize)
+ {
+ 	const UINT32 InterfaceId = (STREAM_ID_PROXY << 30) | (InterfaceField & 0x3FFFFFFF);
+-	wStream* out = Stream_New(NULL, OutputBufferSize + 28);
+
+#if UINT32_MAX >= SIZE_MAX
+	if (OutputBufferSize > UINT32_MAX - 28ull)
+		return NULL;
+#endif
+
+	wStream* out = Stream_New(NULL, OutputBufferSize + 28ull);
+ 
+ 	if (!out)
+ 		return NULL;
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
           file://CVE-2022-39318-39319.patch \
           file://CVE-2022-24883.patch \
           file://CVE-2022-39282.patch \
+           file://CVE-2022-39320.patch \
           "

 S = "${WORKDIR}/git"