Source: xrdp
Version: 0.9.17-2
Severity: wishlist
Tags: patch
User: de...@kali.org
Usertags: origin-kali
Hello,
I have just uploaded an NMU prepared by a Kali contributor (in the NM
queue). Please find the relevant "git am" patches attached. (The two
patches by Arnaud are also in https://salsa.debian.org/arnaudr/xrdp)
It fixes CVE-2022-23613 and nothing else.
I noticed that you have open MRs on GitLab that it would be good to handle.
There's a former NMU that was never acked and that doesn't appear in
debian/changelog.
https://salsa.debian.org/debian-remote-team/xrdp/-/merge_requests
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500,
'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.16.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--
Raphaël Hertzog
From 6b20339946d23bae9848c00533d006a35ba16990 Mon Sep 17 00:00:00 2001
From: Arnaud Rebillout
Date: Fri, 1 Apr 2022 08:25:06 +0700
Subject: [PATCH 1/3] Import upstream patch to fix CVE-2022-23613 (Closes:
#1005304)
---
debian/patches/cve-2022-23613.diff | 47 ++
debian/patches/series | 1 +
2 files changed, 48 insertions(+)
create mode 100644 debian/patches/cve-2022-23613.diff
diff --git a/debian/patches/cve-2022-23613.diff b/debian/patches/cve-2022-23613.diff
new file mode 100644
index ..0a5ebdf1
--- /dev/null
+++ b/debian/patches/cve-2022-23613.diff
@@ -0,0 +1,47 @@
+From: matt335672 <30179339+matt335...@users.noreply.github.com>
+Date: Wed, 2 Feb 2022 10:39:50 +
+Subject: [PATCH] Add lower bound to sesman data input size check
+Origin: upstream, https://github.com/neutrinolabs/xrdp/commit/4def30ab
+
+---
+ sesman/sesman.c | 8 +---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/sesman/sesman.c b/sesman/sesman.c
+index a85769053..e2b057e6a 100644
+--- a/sesman/sesman.c
b/sesman/sesman.c
+@@ -276,6 +276,7 @@ sesman_close_all(void)
+ static int
+ sesman_data_in(struct trans *self)
+ {
++#define HEADER_SIZE 8
+ int version;
+ int size;
+
+@@ -283,9 +284,9 @@ sesman_data_in(struct trans *self)
+ {
+ in_uint32_be(self->in_s, version);
+ in_uint32_be(self->in_s, size);
+-if (size > self->in_s->size)
++if (size < HEADER_SIZE || size > self->in_s->size)
+ {
+-LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size");
++LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size %d", size);
+ return 1;
+ }
+ self->header_size = size;
+@@ -302,11 +303,12 @@ sesman_data_in(struct trans *self)
+ return 1;
+ }
+ /* reset for next message */
+-self->header_size = 8;
++self->header_size = HEADER_SIZE;
+ self->extra_flags = 0;
+ init_stream(self->in_s, 0); /* Reset input stream pointers */
+ }
+ return 0;
++#undef HEADER_SIZE
+ }
+
+ /**/
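Review bot: the DEP-3 header of the imported patch carries `Origin:` with an abbreviated commit id but no `Bug-Debian:` field, so the link to #1005304 exists only in the commit subject and the changelog; adding `Bug-Debian: https://bugs.debian.org/1005304` to the header would keep debian/patches/cve-2022-23613.diff self-describing. On the code, the lower bound in `if (size < HEADER_SIZE || size > self->in_s->size)` matters because `size` is a signed `int`: any value below 8, negative included, passed the old `size > self->in_s->size` test and was then stored by `self->header_size = size`. The function-scoped `#define HEADER_SIZE 8` / `#undef HEADER_SIZE` pair is unusual style, but it matches the upstream commit and is best left unchanged in an imported patch.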
diff --git a/debian/patches/series b/debian/patches/series
index ecf3e815..a3757c8a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ pulse-debian.patch
var-run.diff
document-certs.diff
fix-environment.diff
+cve-2022-23613.diff
--
2.35.1
From a0e029b28413f8900845e9e7135c252885b6d5ae Mon Sep 17 00:00:00 2001
From: Arnaud Rebillout
Date: Fri, 1 Apr 2022 09:34:56 +0700
Subject: [PATCH 2/3] Update changelog for 0.9.17-2.1 release
---
debian/changelog | 6 ++
1 file changed, 6 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 5773a467..527cfa87 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+xrdp (0.9.17-2.1) unstable; urgency=medium
+
+ * Import upstream patch to fix CVE-2022-23613 (Closes: #1005304)
+
+ -- Arnaud Rebillout Fri, 01 Apr 2022 09:34:47 +0700
+
xrdp (0.9.17-2) unstable; urgency=medium
* Initialise the environment properly (Closes: #996418, #984782)
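Review bot: the new 0.9.17-2.1 stanza uses an NMU-style version but has no ` * Non-maintainer upload.` line at this commit; that line only arrives in patch 3/3. Squashing 3/3 into this commit would keep debian/changelog correct at every step of the series. The entry also keeps `urgency=medium` for a CVE fix, which is worth a conscious decision rather than a default.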
--
2.35.1
From 9f4ac4afcee73ce567e5734ba2cacfd1789fb23c Mon Sep 17 00:00:00 2001
From: Raphaël Hertzog
Date: Fri, 1 Apr 2022 08:44:24 +0200
Subject: [PATCH 3/3] Add non-maintainer upload to changelog entry.
---
debian/changelog | 1 +
1 file changed, 1 insertion(+)
diff --git a/debian/changelog b/debian/changelog
index 527cfa87..1a502830 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
xrdp (0.9.17-2.1) unstable; urgency=medium
+ * Non-maintainer upload.
* Import upstream patch to fix CVE-2022-23613 (Closes: #1005304)
-- Arnaud Rebillout Fri, 01 Apr 2022 09:34:47 +0700
--
2.35.1