packages/freerdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-22211

Browse Source
This commit is contained in:
wk333 2024-01-24 14:16:32 +08:00
parent 85a53df91e
commit 0ff61789ed
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CVE-2024-22211.patch Normal file
View File

@ -0,0 +1,34 @@
From aeac3040cc99eeaff1e1171a822114c857b9dca9 Mon Sep 17 00:00:00 2001
From: Armin Novak <anovak@thincast.com>
Date: Sat, 13 Jan 2024 21:01:55 +0100
Subject: [PATCH] [codec,planar] check resolution for overflow
Origin: https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9
If the codec resolution is too large return an error as the internal
buffers would otherwise overflow.
(cherry picked from commit 44edab1deae4f8c901c00a00683f888cef36d853)
---
libfreerdp/codec/planar.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
index b4815a632309..0a5ec581c6cc 100644
--- a/libfreerdp/codec/planar.c
+++ b/libfreerdp/codec/planar.c
@@ -1496,7 +1496,13 @@ BOOL freerdp_bitmap_planar_context_reset(BITMAP_PLANAR_CONTEXT* context, UINT32
context->bgr = FALSE;
context->maxWidth = PLANAR_ALIGN(width, 4);
context->maxHeight = PLANAR_ALIGN(height, 4);
- context->maxPlaneSize = context->maxWidth * context->maxHeight;
+ const UINT64 tmp = (UINT64)context->maxWidth * context->maxHeight;
+ if (tmp > UINT32_MAX)
+ return FALSE;
+ context->maxPlaneSize = tmp;
+
+ if (context->maxWidth > UINT32_MAX / 4)
+ return FALSE;
context->nTempStep = context->maxWidth * 4;
free(context->planesBuffer);
free(context->pTempData);

6
freerdp.spec
View File

@ -1,6 +1,6 @@
Name: freerdp Name: freerdp
Version: 2.11.1 Version: 2.11.1
Release: 1 Release: 2
Epoch: 2 Epoch: 2
Summary: A Remote Desktop Protocol Implementation Summary: A Remote Desktop Protocol Implementation
License: Apache-2.0 License: Apache-2.0
@ -8,6 +8,7 @@ URL: http://www.freerdp.com
Source0: https://github.com/FreeRDP/FreeRDP/releases/download/%{version}/freerdp-%{version}.tar.gz Source0: https://github.com/FreeRDP/FreeRDP/releases/download/%{version}/freerdp-%{version}.tar.gz
Patch0001: Fix-freerdp-shadow-cli-exit-codes-for-help-and-version.patch Patch0001: Fix-freerdp-shadow-cli-exit-codes-for-help-and-version.patch
Patch0002: CVE-2024-22211.patch
BuildRequires: gcc gcc-c++ alsa-lib-devel cmake >= 2.8 cups-devel gsm-devel libXrandr-devel libXv-devel BuildRequires: gcc gcc-c++ alsa-lib-devel cmake >= 2.8 cups-devel gsm-devel libXrandr-devel libXv-devel
BuildRequires: libjpeg-turbo-devel libjpeg-turbo-devel libX11-devel libXcursor-devel libxkbfile-devel BuildRequires: libjpeg-turbo-devel libjpeg-turbo-devel libX11-devel libXcursor-devel libxkbfile-devel
@ -137,6 +138,9 @@ echo "%{_libdir}/freerdp2" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Wed Jan 24 2024 wangkai <13474090681@163.com> - 2:2.11.1-2
- Fix CVE-2024-22211
* Wed Sep 06 2023 Funda Wang <fundawang@yeah.net> - 2:2.11.1-1 * Wed Sep 06 2023 Funda Wang <fundawang@yeah.net> - 2:2.11.1-1
- 2.11.1 - 2.11.1