Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22211
Pick the patch that is referenced by the NVD report as the solution. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../freerdp/freerdp/CVE-2024-22211.patch | 36 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch new file mode 100644 index 0000000000..394094be16 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch @@ -0,0 +1,36 @@ +From 4d3dcfcf537a32ffbebbdba11a7b0748baec4e31 Mon Sep 17 00:00:00 2001 +From: Armin Novak <[email protected]> +Date: Sat, 13 Jan 2024 21:01:55 +0100 +Subject: [PATCH] check resolution for overflow + +If the codec resolution is too large return an error as the internal +buffers would otherwise overflow. + +(cherry picked from commit 44edab1deae4f8c901c00a00683f888cef36d853) + +CVE: CVE-2024-22211 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + libfreerdp/codec/planar.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c +index 12b9f6daf..58d4e4bae 100644 +--- a/libfreerdp/codec/planar.c ++++ b/libfreerdp/codec/planar.c +@@ -1486,7 +1486,13 @@ BOOL freerdp_bitmap_planar_context_reset(BITMAP_PLANAR_CONTEXT* context, UINT32 + context->bgr = FALSE; + context->maxWidth = ALIGN(width, 4); + context->maxHeight = ALIGN(height, 4); +- context->maxPlaneSize = context->maxWidth * context->maxHeight; ++ const UINT64 tmp = (UINT64)context->maxWidth * context->maxHeight; ++ if (tmp > UINT32_MAX) ++ return FALSE; ++ context->maxPlaneSize = tmp; ++ ++ if (context->maxWidth > UINT32_MAX /4) ++ return FALSE; + context->nTempStep = context->maxWidth * 4; + free(context->planesBuffer); + free(context->pTempData); diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index e422d46a81..9ad95e1700 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -31,6 +31,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2023-40181.patch \ file://CVE-2023-40569.patch \ file://CVE-2023-40589.patch \ + file://CVE-2024-22211.patch \ " S = "${WORKDIR}/git"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123727): https://lists.openembedded.org/g/openembedded-devel/message/123727 Mute This Topic: https://lists.openembedded.org/mt/117395641/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
