new file mode 100644
@@ -0,0 +1,73 @@
+From 322d11b431e4773f77aaeb764571a3a8d60f9fca Mon Sep 17 00:00:00 2001
+From: matt335672 <30179339+matt335672@users.noreply.github.com>
+Date: Sat, 19 Aug 2023 13:26:44 +0100
+Subject: [PATCH] [v0.9] Check auth_start_session() result
+
+CVE: CVE-2023-40184
+Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/8c5b7cdff3929dc59c5f13e33cec839ed45d1c34]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ sesman/session.c | 7 ++++++-
+ sesman/verify_user_pam.c | 24 ++++++++++++++++++++++--
+ 2 files changed, 28 insertions(+), 3 deletions(-)
+
+diff --git a/sesman/session.c b/sesman/session.c
+index 441f8d3a60..d352f5e859 100644
+--- a/sesman/session.c
++++ b/sesman/session.c
+@@ -526,7 +526,12 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
+ g_delete_wait_obj(g_sigchld_event);
+ g_delete_wait_obj(g_term_event);
+
+- auth_start_session(data, display);
++ if (auth_start_session(data, display) != 0)
++ {
++ // Errors are logged by the auth module, as they are
++ // specific to that module
++ g_exit(1);
++ }
+ sesman_close_all();
+ g_sprintf(geometry, "%dx%d", s->width, s->height);
+ g_sprintf(depth, "%d", s->bpp);
+diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c
+index a34d83cd7d..ed17397fc3 100644
+--- a/sesman/verify_user_pam.c
++++ b/sesman/verify_user_pam.c
+@@ -316,8 +316,8 @@ auth_userpass(const char *user, const char *pass, int *errorcode)
+
+ /******************************************************************************/
+ /* returns error */
+-int
+-auth_start_session(long in_val, int in_display)
++static int
++auth_start_session_private(long in_val, int in_display)
+ {
+ struct t_auth_info *auth_info;
+ int error;
+@@ -357,6 +357,26 @@ auth_start_session(long in_val, int in_display)
+ return 0;
+ }
+
++/******************************************************************************/
++/**
++ * Main routine to start a session
++ *
++ * Calls the private routine and logs an additional error if the private
++ * routine fails
++ */
++int
++auth_start_session(long in_val, int in_display)
++{
++ int result = auth_start_session_private(in_val, in_display);
++ if (result != 0)
++ {
++ LOG(LOG_LEVEL_ERROR,
++ "Can't start PAM session. See PAM logging for more info");
++ }
++
++ return result;
++}
++
+ /******************************************************************************/
+ /* returns error */
+ int
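Review bot: The new error log in `auth_start_session` (the LOG call in the last hunk of verify_user_pam.c) records neither the display nor the session value, so an operator correlating the child's `g_exit(1)` in `session_start_fork` with the PAM failure has only the timestamp to go on; assuming LOG accepts printf-style arguments, `LOG(LOG_LEVEL_ERROR, "Can't start PAM session for display %d. See PAM logging for more info", in_display);` would tie the two events together. The wrapper's header comment should also state the contract callers now depend on, e.g. `@return 0 on success, non-zero if the PAM session could not be started`, since session.c now exits the forked child on any non-zero value and that meaning is otherwise only inherited from the `/* returns error */` remark above the private routine. The body of `session_start_fork` in the session.c hunk starts and ends outside the hunk, so whether the parent process learns of the child's early exit and discards any session state it has already recorded cannot be confirmed from this patch; it is worth checking that a failed PAM session start cannot leave a half-registered session behind.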
@@ -27,6 +27,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
file://CVE-2022-23483.patch \
file://CVE-2022-23484.patch \
file://CVE-2022-23493.patch \
+ file://CVE-2023-40184.patch \
"
SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40184 Pick the patch that is associated with the github advisory[1], which is a backported version of the patch that is referenced by the nvd report. [1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../xrdp/xrdp/CVE-2023-40184.patch | 73 +++++++++++++++++++ meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb | 1 + 2 files changed, 74 insertions(+) create mode 100644 meta-oe/recipes-support/xrdp/xrdp/CVE-2023-40184.patch