Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481
Pick the patch that mentions this vulnerability explicitly. Signed-off-by: Gyorgy Sarvari <[email protected]> --- v2: fix upstream-sattus formatting .../xrdp/xrdp/CVE-2022-23481.patch | 46 +++++++++++++++++++ meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23481.patch diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23481.patch b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23481.patch new file mode 100644 index 0000000000..bb2d3c8cfa --- /dev/null +++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23481.patch @@ -0,0 +1,46 @@ +From c77e974080da8267d902f99ca5ab7d22ea02d98c Mon Sep 17 00:00:00 2001 +From: matt335672 <[email protected]> +Date: Wed, 7 Dec 2022 10:40:25 +0000 +Subject: [PATCH] CVE-2022-23481 + +Add length checks to client confirm active PDU parsing + +CVE: CVE-2022-23481 +Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/c77e974080da8267d902f99ca5ab7d22ea02d98c] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + libxrdp/xrdp_caps.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/libxrdp/xrdp_caps.c b/libxrdp/xrdp_caps.c +index 5c5e74a579..ac21cc0a18 100644 +--- a/libxrdp/xrdp_caps.c ++++ b/libxrdp/xrdp_caps.c +@@ -667,13 +667,27 @@ xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s) + int len; + char *p; + ++ if (!s_check_rem_and_log(s, 10, ++ "Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU" ++ " - header")) ++ { ++ return 1; ++ } + in_uint8s(s, 4); /* rdp_shareid */ + in_uint8s(s, 2); /* userid */ + in_uint16_le(s, source_len); /* sizeof RDP_SOURCE */ + in_uint16_le(s, cap_len); ++ ++ if (!s_check_rem_and_log(s, source_len + 2 + 2, ++ "Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU" ++ " - header2")) ++ { ++ return 1; ++ } + in_uint8s(s, source_len); + in_uint16_le(s, num_caps); + in_uint8s(s, 2); /* pad */ ++ + LOG_DEVEL(LOG_LEVEL_TRACE, "Received [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU " + "shareID (ignored), originatorID (ignored), lengthSourceDescriptor %d, " + "lengthCombinedCapabilities %d, sourceDescriptor (ignored), " diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb index 55dab2e867..ff14cf8397 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb @@ -22,6 +22,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN file://CVE-2022-23479.patch \ file://CVE-2022-23480-1.patch \ file://CVE-2022-23480-2.patch \ + file://CVE-2022-23481.patch \ " SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122308): https://lists.openembedded.org/g/openembedded-devel/message/122308 Mute This Topic: https://lists.openembedded.org/mt/116609067/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
