packages/freerdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CVE-2022-39317_CVE-2022-39320

Browse Source
This commit is contained in:
liyuxiang 2022-11-19 17:40:07 +08:00
parent 2974392f0d
commit 90d8192387
3 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
CVE-2022-39316.patch → CVE-2022-39316_CVE-2022-39317.patch
View File

29
CVE-2022-39320.patch Normal file
View File

@ -0,0 +1,29 @@
From 68c6a8c1878b5294aecb04d5e27531a720b3793f Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Thu, 13 Oct 2022 08:36:26 +0200
Subject: [PATCH] Ensure urb_create_iocompletion uses size_t for calculation
(cherry picked from commit de7e0f062ee53d00b4a966a43855a716e3478150)
---
channels/urbdrc/client/data_transfer.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c
index 69879612692..d8725c02cf3 100644
--- a/channels/urbdrc/client/data_transfer.c
+++ b/channels/urbdrc/client/data_transfer.c
@@ -97,7 +97,13 @@ static wStream* urb_create_iocompletion(UINT32 InterfaceField, UINT32 MessageId,
UINT32 OutputBufferSize)
{
const UINT32 InterfaceId = (STREAM_ID_PROXY << 30) | (InterfaceField & 0x3FFFFFFF);
- wStream* out = Stream_New(NULL, OutputBufferSize + 28);
+
+#if UINT32_MAX >= SIZE_MAX
+ if (OutputBufferSize > UINT32_MAX - 28ull)
+ return NULL;
+#endif
+
+ wStream* out = Stream_New(NULL, OutputBufferSize + 28ull);
if (!out)
return NULL;

9
freerdp.spec
View File

@ -1,6 +1,6 @@
Name: freerdp
Version: 2.8.1
Release: 2
Release: 3
Epoch: 2
Summary: A Remote Desktop Protocol Implementation
License: Apache-2.0
@ -11,8 +11,9 @@ Patch0001: Fix-freerdp-shadow-cli-exit-codes-for-help-and-version.patch
Patch0002: CVE-2022-39319.patch
Patch0003: CVE-2022-41877.patch
Patch0004: CVE-2022-39347.patch
Patch0005: CVE-2022-39316.patch
Patch0005: CVE-2022-39316_CVE-2022-39317.patch
Patch0006: CVE-2022-39318.patch
Patch0007: CVE-2022-39320.patch
BuildRequires: gcc gcc-c++ alsa-lib-devel cmake >= 2.8 cups-devel gsm-devel libXrandr-devel libXv-devel
BuildRequires: libjpeg-turbo-devel libjpeg-turbo-devel libX11-devel libXcursor-devel libxkbfile-devel
@ -142,6 +143,10 @@ echo "%{_libdir}/freerdp2" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_
%{_mandir}/*/*
%changelog
* Fri Nov 25 2022 liyuxiang <liyuxiang@ncti-gba.cn> - 2:2.8.1-3
- Fix CVE-2022-39320
- Fix CVE-2022-39317
* Tue Nov 22 2022 liyuxiang <liyuxiang@ncti-gba.cn> - 2:2.8.1-2
- Fix CVE-2022-39316
- Fix CVE-2022-39318