[oe][meta-oe][whinlatter][PATCH] xrdp: patch CVE-2025-68670

Ankur Tyagi via lists.openembedded.org Tue, 24 Feb 2026 15:59:46 -0800

From: Ankur Tyagi <[email protected]>

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68670


Signed-off-by: Ankur Tyagi <[email protected]>
---
 .../xrdp/xrdp/CVE-2025-68670.patch            | 78 +++++++++++++++++++
 meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb   |  1 +
 2 files changed, 79 insertions(+)
 create mode 100644 meta-oe/recipes-support/xrdp/xrdp/CVE-2025-68670.patch

diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2025-68670.patch 
b/meta-oe/recipes-support/xrdp/xrdp/CVE-2025-68670.patch
new file mode 100644
index 0000000000..f0aaaf6718
--- /dev/null
+++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2025-68670.patch
@@ -0,0 +1,78 @@
+From 2fbc0cde4383a13089ccaddfb7ec60b2f740aab2 Mon Sep 17 00:00:00 2001
+From: matt335672 <[email protected]>
+Date: Thu, 18 Dec 2025 11:37:30 +0000
+Subject: [PATCH] CVE-2025-68670: Buffer overflow parsing domain
+
+A potential overflow in xrdp_wm_parse_domain_information() is
+addressed
+
+CVE: CVE-2025-68670
+Upstream-Status: Backport 
[https://github.com/neutrinolabs/xrdp/commit/dd4b56c9873bd246ba3d815522b27d90c99fcc30]
+(cherry picked from commit dd4b56c9873bd246ba3d815522b27d90c99fcc30)
+Signed-off-by: Ankur Tyagi <[email protected]>
+---
+ xrdp/xrdp_login_wnd.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
+index 28748676..1fe9ea50 100644
+--- a/xrdp/xrdp_login_wnd.c
++++ b/xrdp/xrdp_login_wnd.c
+@@ -277,7 +277,8 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd)
+ */
+ static int
+ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
+-                                 int decode, char *resultBuffer)
++                                 int decode,
++                                 char *resultBuffer, unsigned int resultSize)
+ {
+     int ret;
+     int pos;
+@@ -287,8 +288,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, 
int comboMax,
+     /* If the first char in the domain name is '_' we use the domain
+        name as IP*/
+     ret = 0; /* default return value */
+-    /* resultBuffer assumed to be 256 chars */
+-    g_memset(resultBuffer, 0, 256);
++    g_memset(resultBuffer, 0, resultSize);
+     if (originalDomainInfo[0] == '_')
+     {
+         /* we try to locate a number indicating what combobox index the user
+@@ -298,7 +298,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, 
int comboMax,
+          * Invalid chars are ignored in microsoft client therefore we use '_'
+          * again. this sec '__' contains the split for index.*/
+         pos = g_pos(&originalDomainInfo[1], "__");
+-        if (pos > 0)
++        if (pos > 0 && (unsigned int)pos < resultSize)
+         {
+             /* an index is found we try to use it */
+             LOG(LOG_LEVEL_DEBUG, "domain contains index char __");
+@@ -325,7 +325,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, 
int comboMax,
+         else
+         {
+             LOG(LOG_LEVEL_DEBUG, "domain does not contain _");
+-            g_strncpy(resultBuffer, &originalDomainInfo[1], 255);
++            g_strncpy(resultBuffer, &originalDomainInfo[1], resultSize - 1);
+         }
+     }
+     return ret;
+@@ -450,7 +450,8 @@ xrdp_wm_show_edits(struct xrdp_wm *self, struct 
xrdp_bitmap *combo)
+                     {
+                         xrdp_wm_parse_domain_information(
+                             self->session->client_info->domain,
+-                            combo->data_list->count, 0, resultIP);
++                            combo->data_list->count, 0,
++                            resultIP, sizeof(resultIP));
+                         g_strncpy(b->caption1, resultIP, 255);
+                         b->edit_pos = g_mbstowcs(0, b->caption1, 0);
+                     }
+@@ -875,7 +876,8 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
+     combo->item_index = xrdp_wm_parse_domain_information(
+                             self->session->client_info->domain,
+                             combo->data_list->count, 1,
+-                            resultIP /* just a dummy place holder, we ignore 
*/ );
++                            resultIP,/* just a dummy place holder, we ignore 
*/
++                            sizeof(resultIP));
+     xrdp_wm_show_edits(self, combo);
+ 
+     return 0;
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb 
b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
index bcadd03adf..ea63b932ae 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
@@ -29,6 +29,7 @@ SRC_URI = 
"https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
            file://CVE-2022-23493.patch \
            file://CVE-2023-40184.patch \
            file://CVE-2023-42822.patch \
+           file://CVE-2025-68670.patch \
            "
 
 SRC_URI[sha256sum] = 
"db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#124602): 
https://lists.openembedded.org/g/openembedded-devel/message/124602
Mute This Topic: https://lists.openembedded.org/mt/117986652/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe][meta-oe][whinlatter][PATCH] xrdp: patch CVE-2025-68670

Reply via email to