packages/freerdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!56 fix CVE-2022-39317 and CVE-2022-39320

Browse Source 
From: @zxccxz 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
This commit is contained in:
openeuler-ci-bot 2022-11-28 07:04:51 +00:00 committed by Gitee
commit e39887efcc
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
3 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
CVE-2022-39316.patch → CVE-2022-39316_CVE-2022-39317.patch
View File

29
CVE-2022-39320.patch Normal file
View File

@ -0,0 +1,29 @@
From 68c6a8c1878b5294aecb04d5e27531a720b3793f Mon Sep 17 00:00:00 2001
From: akallabeth <akallabeth@posteo.net>
Date: Thu, 13 Oct 2022 08:36:26 +0200
Subject: [PATCH] Ensure urb_create_iocompletion uses size_t for calculation
(cherry picked from commit de7e0f062ee53d00b4a966a43855a716e3478150)
---
channels/urbdrc/client/data_transfer.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c
index 69879612692..d8725c02cf3 100644
--- a/channels/urbdrc/client/data_transfer.c
+++ b/channels/urbdrc/client/data_transfer.c
@@ -97,7 +97,13 @@ static wStream* urb_create_iocompletion(UINT32 InterfaceField, UINT32 MessageId,
UINT32 OutputBufferSize)
{
const UINT32 InterfaceId = (STREAM_ID_PROXY << 30) | (InterfaceField & 0x3FFFFFFF);
- wStream* out = Stream_New(NULL, OutputBufferSize + 28);
+
+#if UINT32_MAX >= SIZE_MAX
+ if (OutputBufferSize > UINT32_MAX - 28ull)
+ return NULL;
+#endif
+
+ wStream* out = Stream_New(NULL, OutputBufferSize + 28ull);
if (!out)
return NULL;

9
freerdp.spec
View File

@ -1,6 +1,6 @@
Name: freerdp Name: freerdp
Version: 2.8.1 Version: 2.8.1
Release: 2 Release: 3
Epoch: 2 Epoch: 2
Summary: A Remote Desktop Protocol Implementation Summary: A Remote Desktop Protocol Implementation
License: Apache-2.0 License: Apache-2.0
@ -11,8 +11,9 @@ Patch0001: Fix-freerdp-shadow-cli-exit-codes-for-help-and-version.patch
Patch0002: CVE-2022-39319.patch Patch0002: CVE-2022-39319.patch
Patch0003: CVE-2022-41877.patch Patch0003: CVE-2022-41877.patch
Patch0004: CVE-2022-39347.patch Patch0004: CVE-2022-39347.patch
Patch0005: CVE-2022-39316.patch Patch0005: CVE-2022-39316_CVE-2022-39317.patch
Patch0006: CVE-2022-39318.patch Patch0006: CVE-2022-39318.patch
Patch0007: CVE-2022-39320.patch
BuildRequires: gcc gcc-c++ alsa-lib-devel cmake >= 2.8 cups-devel gsm-devel libXrandr-devel libXv-devel BuildRequires: gcc gcc-c++ alsa-lib-devel cmake >= 2.8 cups-devel gsm-devel libXrandr-devel libXv-devel
BuildRequires: libjpeg-turbo-devel libjpeg-turbo-devel libX11-devel libXcursor-devel libxkbfile-devel BuildRequires: libjpeg-turbo-devel libjpeg-turbo-devel libX11-devel libXcursor-devel libxkbfile-devel
@ -142,6 +143,10 @@ echo "%{_libdir}/freerdp2" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Fri Nov 25 2022 liyuxiang <liyuxiang@ncti-gba.cn> - 2:2.8.1-3
- Fix CVE-2022-39320
- Fix CVE-2022-39317
* Tue Nov 22 2022 liyuxiang <liyuxiang@ncti-gba.cn> - 2:2.8.1-2 * Tue Nov 22 2022 liyuxiang <liyuxiang@ncti-gba.cn> - 2:2.8.1-2
- Fix CVE-2022-39316 - Fix CVE-2022-39316
- Fix CVE-2022-39318 - Fix CVE-2022-39318