From: Ankur Tyagi <[email protected]>

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118

Signed-off-by: Ankur Tyagi <[email protected]>
---
 .../freerdp/freerdp3/CVE-2025-68118.patch     | 57 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp3_3.4.0.bb |  1 +
 2 files changed, 58 insertions(+)
 create mode 100644 
meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch 
b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
new file mode 100644
index 0000000000..8077d61292
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
@@ -0,0 +1,57 @@
+From 054ff633bb1eac3d165a501d5eb691af1faf0538 Mon Sep 17 00:00:00 2001
+From: akallabeth <[email protected]>
+Date: Sat, 13 Dec 2025 17:28:43 +0100
+Subject: [PATCH] [crypto,certificate_data] add some hostname sanitation
+
+CVE: CVE-2025-68118
+Upstream-Status: Backport 
[https://github.com/FreeRDP/FreeRDP/commit/83d96a81f320cb8a047fd4ef059a6fe4016dbeec]
+(cherry picked from commit 83d96a81f320cb8a047fd4ef059a6fe4016dbeec)
+Signed-off-by: Ankur Tyagi <[email protected]>
+---
+ libfreerdp/crypto/certificate_data.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/libfreerdp/crypto/certificate_data.c 
b/libfreerdp/crypto/certificate_data.c
+index a48beb448..6408d5d3c 100644
+--- a/libfreerdp/crypto/certificate_data.c
++++ b/libfreerdp/crypto/certificate_data.c
+@@ -33,6 +33,8 @@
+ #include <freerdp/crypto/certificate_data.h>
+ 
+ #include "certificate.h"
++#include <freerdp/log.h>
++#define TAG FREERDP_TAG("crypto.certificate_data")
+ 
+ #include <freerdp/log.h>
+ #define TAG FREERDP_TAG("crypto")
+@@ -64,8 +66,9 @@ static BOOL 
freerdp_certificate_data_load_cache(rdpCertificateData* data)
+       WINPR_ASSERT(data);
+ 
+       freerdp_certificate_data_hash_(data->hostname, data->port, 
data->cached_hash,
+-                                     sizeof(data->cached_hash));
+-      if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0)
++                                     sizeof(data->cached_hash) - 1);
++      const size_t len = strnlen(data->cached_hash, 
sizeof(data->cached_hash));
++      if ((len == 0) || (len >= sizeof(data->cached_hash)))
+               goto fail;
+ 
+       data->cached_subject = freerdp_certificate_get_subject(data->cert);
+@@ -97,6 +100,11 @@ static rdpCertificateData* 
freerdp_certificate_data_new_nocopy(const char* hostn
+ 
+       if (!hostname || !xcert)
+               goto fail;
++      if (strnlen(hostname, MAX_PATH) >= MAX_PATH)
++      {
++              WLog_ERR(TAG, "hostname exceeds length limits");
++              goto fail;
++      }
+ 
+       certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData));
+ 
+@@ -251,5 +259,5 @@ char* freerdp_certificate_data_hash(const char* hostname, 
UINT16 port)
+ {
+       char name[MAX_PATH + 10] = { 0 };
+       freerdp_certificate_data_hash_(hostname, port, name, sizeof(name));
+-      return _strdup(name);
++      return strndup(name, sizeof(name));
+ }
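Review bot: The two lines this backport adds after `#include "certificate.h"` define `TAG` a second time, because the unchanged context directly below still carries `#include <freerdp/log.h>` and `#define TAG FREERDP_TAG("crypto")`. The new `FREERDP_TAG("crypto.certificate_data")` definition is therefore redefined with a different body two lines later, which compilers diagnose and which can fail a build that treats warnings as errors. The added `WLog_ERR(TAG, "hostname exceeds length limits")` would then presumably log under the old `crypto` tag. For the 3.4.0 tree it looks cleaner to drop the two added lines, or to replace the existing pair rather than stack a second one on top. Separately, `freerdp_certificate_data_hash` still passes the full `sizeof(name)` to the hash helper while the load_cache hunk now passes `sizeof(data->cached_hash) - 1`; a short comment such as `/* name may be unterminated if the helper fills it; strndup bounds the copy */` above the `strndup` call would make that intent explicit.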
diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb 
b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
index 3558697d42..b9ec75236b 100644
--- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
@@ -20,6 +20,7 @@ SRC_URI = 
"git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
            file://CVE-2024-32661.patch \
            file://CVE-2024-32662.patch \
            file://CVE-2025-4478.patch \
+           file://CVE-2025-68118.patch \
            "
 
 S = "${WORKDIR}/git"