Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
v2: fix upstream-sattus formatting
.../xrdp/xrdp/CVE-2022-23477.patch | 38 +++++++++++++++++++
meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch
diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch
new file mode 100644
index 0000000000..5c2b48a507
--- /dev/null
+++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch
@@ -0,0 +1,38 @@
+From d49f269af82be5f14b193d4edfcb63b547a16ff4 Mon Sep 17 00:00:00 2001
+From: matt335672 <[email protected]>
+Date: Tue, 6 Dec 2022 11:31:31 +0000
+Subject: [PATCH] CVE-2022-23477
+
+Prevent buffer overflow for oversized audio format from client
+
+CVE: CVE-2022-23477
+Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/d49f269af82be5f14b193d4edfcb63b547a16ff4]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ sesman/chansrv/audin.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/sesman/chansrv/audin.c b/sesman/chansrv/audin.c
+index cd802fa519..36a8027a57 100644
+--- a/sesman/chansrv/audin.c
++++ b/sesman/chansrv/audin.c
+@@ -181,15 +181,16 @@ audin_send_open(int chan_id)
+ int error;
+ int bytes;
+ struct stream *s;
+- struct xr_wave_format_ex *wf;
++ struct xr_wave_format_ex *wf = g_client_formats[g_current_format];
+
+ LOG_DEVEL(LOG_LEVEL_INFO, "audin_send_open:");
+ make_stream(s);
+- init_stream(s, 8192);
++ /* wf->cbSize was checked when the format was received */
++ init_stream(s, wf->cbSize + 64);
++
+ out_uint8(s, MSG_SNDIN_OPEN);
+ out_uint32_le(s, 2048); /* FramesPerPacket */
+ out_uint32_le(s, g_current_format); /* initialFormat */
+- wf = g_client_formats[g_current_format];
+ out_uint16_le(s, wf->wFormatTag);
+ out_uint16_le(s, wf->nChannels);
+ out_uint32_le(s, wf->nSamplesPerSec);
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
index 5eca9d3bf6..91d4134789 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
 file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
 file://0001-mark-count-with-unused-attribute.patch \
 file://CVE-2022-23468.patch \
+ file://CVE-2022-23477.patch \
 "
 SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
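Review bot: In the new CVE-2022-23477.patch hunk, `init_stream(s, wf->cbSize + 64)` in audin_send_open sizes the stream from a field the client supplied, and the only justification is the comment that cbSize "was checked when the format was received"; that receive-side check is not part of this backport, so it should be confirmed to exist in the 0.9.20 sources the patch is applied to. The 64 is unexplained headroom: the six writes visible in the hunk account, by their names, for 17 bytes and more follow after the hunk ends, so a comment such as `/* 64: headroom for the fixed-size MSG_SNDIN_OPEN fields written below */` would let a reader check the bound. `wf` is now dereferenced at its declaration, and nothing visible shows that `g_current_format` is in range or that the table entry is non-NULL; if the callers do not guarantee that, a guard ahead of `init_stream` is where it belongs. The body of audin_send_open continues outside the hunk.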
