On 12/4/25 05:02, Anuj Mittal wrote: > On Thu, Dec 4, 2025 at 3:00 AM Gyorgy Sarvari via > lists.openembedded.org <[email protected]> > wrote: >> Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23482 >> >> Pick the patch that mentions this vulnerability explicitly. >> >> Signed-off-by: Gyorgy Sarvari <[email protected]> >> --- >> .../xrdp/xrdp/CVE-2022-23482.patch | 69 +++++++++++++++++++ >> meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb | 1 + >> 2 files changed, 70 insertions(+) >> create mode 100644 meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23482.patch >> >> diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23482.patch >> b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23482.patch >> new file mode 100644 >> index 0000000000..5c22701d35 >> --- /dev/null >> +++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23482.patch >> @@ -0,0 +1,69 @@ >> +From bb9766c79f24a0238644e273bbcdcb2c9d2df1bf Mon Sep 17 00:00:00 2001 >> +From: matt335672 <[email protected]> >> +Date: Wed, 7 Dec 2022 11:05:46 +0000 >> +Subject: [PATCH] CVE-2022-23482 >> + >> +Check minimum length of TS_UD_CS_CORE message >> + >> +CVE: CVE-2022-23482 >> +Upstream-Status: >> Backport[https://github.com/neutrinolabs/xrdp/commit/bb9766c79f24a0238644e273bbcdcb2c9d2df1bf] > This causes yocto-check-layer to fail for this and other patches in > this series with same issue:
D'oh, thanks, will send a v2. I wonder why did this not warn during regular QA checks on Scarthgap. > > AssertionError: 9 != 0 : Found following patches with malformed or > missing upstream status: > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23481.patch > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23483.patch > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23480-2.patch > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23468.patch > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23479.patch > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23480-1.patch > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23478.patch > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch > /srv/pokybuild/yocto-worker/meta-oe/build/meta-openembedded/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23482.patch > > > >> +Signed-off-by: Gyorgy Sarvari <[email protected]> >> +--- >> + libxrdp/xrdp_sec.c | 23 ++++++++++++++++++++++- >> + 1 file changed, 22 insertions(+), 1 deletion(-) >> + >> +diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c >> +index 691d4f04f3..084fca6b8d 100644 >> +--- a/libxrdp/xrdp_sec.c >> ++++ b/libxrdp/xrdp_sec.c >> +@@ -1946,6 +1946,17 @@ xrdp_sec_send_fastpath(struct xrdp_sec *self, struct >> stream *s) >> + static int >> + xrdp_sec_process_mcs_data_CS_CORE(struct xrdp_sec *self, struct stream *s) >> + { >> ++#define CS_CORE_MIN_LENGTH \ >> ++ (\ >> ++ 4 + /* Version */ \ >> ++ 2 + 2 + /* desktopWidth + desktopHeight */ \ >> ++ 2 + 2 + /* colorDepth + SASSequence */ \ >> ++ 4 + /* keyboardLayout */ \ >> ++ 4 + 32 + /* clientBuild + clientName */ \ >> ++ 4 + 4 + 4 + /* keyboardType + keyboardSubType + >> keyboardFunctionKey */ \ >> ++ 64 + /* imeFileName */ \ >> ++ 0) >> ++ >> + int version; >> + int colorDepth; >> + int postBeta2ColorDepth; >> +@@ -1956,7 +1967,12 @@ xrdp_sec_process_mcs_data_CS_CORE(struct xrdp_sec >> *self, struct stream *s) >> + >> + UNUSED_VAR(version); >> + >> +- /* TS_UD_CS_CORE requiered fields */ >> ++ /* TS_UD_CS_CORE required fields */ >> ++ if (!s_check_rem_and_log(s, CS_CORE_MIN_LENGTH, >> ++ "Parsing [MS-RDPBCGR] TS_UD_CS_CORE")) >> ++ { >> ++ return 1; >> ++ } >> + in_uint32_le(s, version); >> + in_uint16_le(s, self->rdp_layer->client_info.width); >> + in_uint16_le(s, self->rdp_layer->client_info.height); >> +@@ -1994,6 +2010,10 @@ xrdp_sec_process_mcs_data_CS_CORE(struct xrdp_sec >> *self, struct stream *s) >> + clientName); >> + >> + /* TS_UD_CS_CORE optional fields */ >> ++ if (!s_check_rem(s, 2)) >> ++ { >> ++ return 0; >> ++ } >> + in_uint16_le(s, postBeta2ColorDepth); >> + LOG_DEVEL(LOG_LEVEL_TRACE, "Received [MS-RDPBCGR] TS_UD_CS_CORE " >> + "<Optional Field> postBeta2ColorDepth %s", >> +@@ -2138,6 +2158,7 @@ xrdp_sec_process_mcs_data_CS_CORE(struct xrdp_sec >> *self, struct stream *s) >> + "<Optional Field> desktopOrientation (ignored)"); >> + >> + return 0; >> ++#undef CS_CORE_MIN_LENGTH >> + } >> + >> + >> /*****************************************************************************/ >> diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb >> b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb >> index ff14cf8397..29245f3747 100644 >> --- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb >> +++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb >> @@ -23,6 +23,7 @@ SRC_URI = >> "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN >> file://CVE-2022-23480-1.patch \ >> file://CVE-2022-23480-2.patch \ >> file://CVE-2022-23481.patch \ >> + file://CVE-2022-23482.patch \ >> " >> >> SRC_URI[sha256sum] = >> "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb" >> >> >>
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122302): https://lists.openembedded.org/g/openembedded-devel/message/122302 Mute This Topic: https://lists.openembedded.org/mt/116602085/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
