mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
freerdp: patch CVE-2023-39351
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39351 Pick the patch that is mentioned by Debian[1] to solve the problem. [1]: https://security-tracker.debian.org/tracker/CVE-2023-39351 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
@@ -0,0 +1,30 @@
|
||||
From 4a6475e50797218dec507f75477d6c047b14e9f6 Mon Sep 17 00:00:00 2001
|
||||
From: Armin Novak <anovak@thincast.com>
|
||||
Date: Sat, 5 Aug 2023 09:29:19 +0200
|
||||
Subject: [PATCH] free content of currentMessage on fail
|
||||
|
||||
(cherry picked from commit e17ee48065d1ebcf863e8d0421cd656c4ef04d41)
|
||||
|
||||
CVE: CVE-2023-39351
|
||||
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/99e243cdbc31f66b5c917452c8fed3276e8bdcd5]
|
||||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||
---
|
||||
libfreerdp/codec/rfx.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/libfreerdp/codec/rfx.c b/libfreerdp/codec/rfx.c
|
||||
index 8c65e7508..3001f71bd 100644
|
||||
--- a/libfreerdp/codec/rfx.c
|
||||
+++ b/libfreerdp/codec/rfx.c
|
||||
@@ -1225,6 +1225,11 @@ BOOL rfx_process_message(RFX_CONTEXT* context, const BYTE* data, UINT32 length,
|
||||
region16_uninit(&clippingRects);
|
||||
return TRUE;
|
||||
}
|
||||
+ else
|
||||
+ {
|
||||
+ rfx_message_free(context, message);
|
||||
+ context->currentMessage.freeArray = TRUE;
|
||||
+ }
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
|
||||
file://CVE-2022-39282.patch \
|
||||
file://CVE-2022-39320.patch \
|
||||
file://CVE-2023-39350.patch \
|
||||
file://CVE-2023-39351.patch \
|
||||
"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
Reference in New Issue
Block a user