Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32040
Pick the patch that is marked to resolve this vulnerability, from the related Github advisory[1]. [1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../freerdp/freerdp/CVE-2024-32040.patch | 30 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch new file mode 100644 index 0000000000..670cad23f0 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch @@ -0,0 +1,30 @@ +From a7e801f42a3a71332cca22aedccfcda378b8dfcc Mon Sep 17 00:00:00 2001 +From: akallabeth <[email protected]> +Date: Tue, 16 Apr 2024 08:26:37 +0200 +Subject: [PATCH] fix missing check + +in nsc_rle_decode abort if there are more bytes to be read then there +are left. + +(cherry picked from commit fb4f2d6e4db563077afcae4d270ba78ff905f6cf) + +CVE: CVE-2024-32040 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + libfreerdp/codec/nsc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libfreerdp/codec/nsc.c b/libfreerdp/codec/nsc.c +index dc3a978ed..007364ee7 100644 +--- a/libfreerdp/codec/nsc.c ++++ b/libfreerdp/codec/nsc.c +@@ -147,7 +147,7 @@ static BOOL nsc_rle_decode(BYTE* in, BYTE* out, UINT32 outSize, UINT32 originalS + len |= ((UINT32)(*in++)) << 24U; + } + +- if (outSize < len) ++ if ((outSize < len) || (left < len)) + return FALSE; + + outSize -= len; diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index c616a55958..06aac0325f 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -33,6 +33,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2023-40589.patch \ file://CVE-2024-22211.patch \ file://CVE-2024-32039.patch \ + file://CVE-2024-32040.patch \ " S = "${WORKDIR}/git"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123729): https://lists.openembedded.org/g/openembedded-devel/message/123729 Mute This Topic: https://lists.openembedded.org/mt/117395643/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
