Date: Wednesday, April 9, 2014 @ 13:40:03
Author: fyan
Revision: 109024
upgpkg: freerdp 1.0.2-5
- test patch for CVE-2014-0791
Added:
freerdp/trunk/CVE-2014-0791.patch
Modified:
freerdp/trunk/PKGBUILD
---------------------+
CVE-2014-0791.patch | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 9 +++--
2 files changed, 85 insertions(+), 3 deletions(-)
Added: CVE-2014-0791.patch
===================================================================
--- CVE-2014-0791.patch (rev 0)
+++ CVE-2014-0791.patch 2014-04-09 11:40:03 UTC (rev 109024)
@@ -0,0 +1,79 @@
+--- a/libfreerdp-core/license.h 2013-01-03 05:46:59.000000000 +0800
++++ b/libfreerdp-core/license.h 2014-04-09 19:11:59.593507658 +0800
+@@ -177,9 +177,9 @@
+
+ SCOPE_LIST* license_new_scope_list();
+ void license_free_scope_list(SCOPE_LIST* scopeList);
+-void license_read_scope_list(STREAM* s, SCOPE_LIST* scopeList);
++boolean license_read_scope_list(STREAM* s, SCOPE_LIST* scopeList);
+
+-void license_read_license_request_packet(rdpLicense* license, STREAM* s);
++boolean license_read_license_request_packet(rdpLicense* license, STREAM* s);
+ void license_read_platform_challenge_packet(rdpLicense* license, STREAM* s);
+ void license_read_new_license_packet(rdpLicense* license, STREAM* s);
+ void license_read_upgrade_license_packet(rdpLicense* license, STREAM* s);
+--- a/libfreerdp-core/license.c 2013-01-03 05:46:59.000000000 +0800
++++ b/libfreerdp-core/license.c 2014-04-09 19:11:59.593507658 +0800
+@@ -199,7 +199,8 @@
+ switch (bMsgType)
+ {
+ case LICENSE_REQUEST:
+- license_read_license_request_packet(license, s);
++ if(!license_read_license_request_packet(license, s))
++ return false;
+ license_send_new_license_request_packet(license);
+ break;
+
+@@ -533,13 +534,16 @@
+ * @param scopeList scope list
+ */
+
+-void license_read_scope_list(STREAM* s, SCOPE_LIST* scopeList)
++boolean license_read_scope_list(STREAM* s, SCOPE_LIST* scopeList)
+ {
+ uint32 i;
+ uint32 scopeCount;
+
+ stream_read_uint32(s, scopeCount); /* ScopeCount (4 bytes) */
+
++ if (scopeCount > stream_get_length(s) / 4) /* every blob is at least 4
bytes */
++ return false;
++
+ scopeList->count = scopeCount;
+ scopeList->array = (LICENSE_BLOB*) xmalloc(sizeof(LICENSE_BLOB) *
scopeCount);
+
+@@ -549,6 +553,7 @@
+ scopeList->array[i].type = BB_SCOPE_BLOB;
+ license_read_binary_blob(s, &scopeList->array[i]);
+ }
++ return true;
+ }
+
+ /**
+@@ -593,7 +598,7 @@
+ * @param s stream
+ */
+
+-void license_read_license_request_packet(rdpLicense* license, STREAM* s)
++boolean license_read_license_request_packet(rdpLicense* license, STREAM* s)
+ {
+ /* ServerRandom (32 bytes) */
+ stream_read(s, license->server_random, 32);
+@@ -608,7 +613,8 @@
+ license_read_binary_blob(s, license->server_certificate);
+
+ /* ScopeList */
+- license_read_scope_list(s, license->scope_list);
++ if(!license_read_scope_list(s, license->scope_list))
++ return false;
+
+ /* Parse Server Certificate */
+ certificate_read_server_certificate(license->certificate,
+@@ -617,6 +623,7 @@
+ license_generate_keys(license);
+ license_generate_hwid(license);
+ license_encrypt_premaster_secret(license);
++ return true;
+ }
+
+ /**
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-04-09 11:25:29 UTC (rev 109023)
+++ PKGBUILD 2014-04-09 11:40:03 UTC (rev 109024)
@@ -4,7 +4,7 @@
pkgname=freerdp
pkgver=1.0.2
-pkgrel=4
+pkgrel=5
pkgdesc="Free RDP client"
arch=('i686' 'x86_64')
url="http://freerdp.sourceforge.net";
@@ -16,15 +16,18 @@
changelog=${pkgname}.changelog
source=($pkgname-$pkgver.tar.gz::https://github.com/FreeRDP/FreeRDP/archive/$pkgver.tar.gz
ffmpeg2.0.patch
- patch_numblock.patch)
+ patch_numblock.patch
+ CVE-2014-0791.patch)
md5sums=('c260051a94caff590def5caa4fcf59d6'
'1260eecf01ea5212e2db8ac9c5e7fa6d'
- 'ac581d445ded7cdbd59082a48d9c28ac')
+ 'ac581d445ded7cdbd59082a48d9c28ac'
+ '62d0ab241c16ee5d85ff89183df9bbc0')
prepare() {
cd $srcdir/FreeRDP-$pkgver
patch -Np1 -i ../ffmpeg2.0.patch
patch -Np1 -i ../patch_numblock.patch
+ patch -Np1 -i ../CVE-2014-0791.patch
}
build() {
