
[meta-oe,scarthgap,2/2] freerdp3: patch CVE-2025-68118

Message ID 20251224060150.1294484-2-ankur.tyagi85@gmail.com
State New
Series [meta-oe,scarthgap,1/2] cups-filters: patch CVE-2025-64524 | expand

Commit Message

Ankur Tyagi Dec. 24, 2025, 6:01 a.m. UTC
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details https://nvd.nist.gov/vuln/detail/CVE-2025-68118

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../freerdp/freerdp3/CVE-2025-68118.patch     | 57 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp3_3.4.0.bb |  1 +
 2 files changed, 58 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch

Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
new file mode 100644
index 0000000000..8077d61292
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
@@ -0,0 +1,57 @@ 
+From 054ff633bb1eac3d165a501d5eb691af1faf0538 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sat, 13 Dec 2025 17:28:43 +0100
+Subject: [PATCH] [crypto,certificate_data] add some hostname sanitation
+
+CVE: CVE-2025-68118
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/83d96a81f320cb8a047fd4ef059a6fe4016dbeec]
+(cherry picked from commit 83d96a81f320cb8a047fd4ef059a6fe4016dbeec)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ libfreerdp/crypto/certificate_data.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/libfreerdp/crypto/certificate_data.c b/libfreerdp/crypto/certificate_data.c
+index a48beb448..6408d5d3c 100644
+--- a/libfreerdp/crypto/certificate_data.c
++++ b/libfreerdp/crypto/certificate_data.c
+@@ -33,6 +33,8 @@
+ #include <freerdp/crypto/certificate_data.h>
+ 
+ #include "certificate.h"
++#include <freerdp/log.h>
++#define TAG FREERDP_TAG("crypto.certificate_data")
+ 
+ #include <freerdp/log.h>
+ #define TAG FREERDP_TAG("crypto")
+@@ -64,8 +66,9 @@ static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data)
+ 	WINPR_ASSERT(data);
+ 
+ 	freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash,
+-	                               sizeof(data->cached_hash));
+-	if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0)
++	                               sizeof(data->cached_hash) - 1);
++	const size_t len = strnlen(data->cached_hash, sizeof(data->cached_hash));
++	if ((len == 0) || (len >= sizeof(data->cached_hash)))
+ 		goto fail;
+ 
+ 	data->cached_subject = freerdp_certificate_get_subject(data->cert);
+@@ -97,6 +100,11 @@ static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostn
+ 
+ 	if (!hostname || !xcert)
+ 		goto fail;
++	if (strnlen(hostname, MAX_PATH) >= MAX_PATH)
++	{
++		WLog_ERR(TAG, "hostname exceeds length limits");
++		goto fail;
++	}
+ 
+ 	certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData));
+ 
+@@ -251,5 +259,5 @@ char* freerdp_certificate_data_hash(const char* hostname, UINT16 port)
+ {
+ 	char name[MAX_PATH + 10] = { 0 };
+ 	freerdp_certificate_data_hash_(hostname, port, name, sizeof(name));
+-	return _strdup(name);
++	return strndup(name, sizeof(name));
+ }
diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
index 3558697d42..b9ec75236b 100644
--- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
@@ -20,6 +20,7 @@  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
            file://CVE-2024-32661.patch \
            file://CVE-2024-32662.patch \
            file://CVE-2025-4478.patch \
+           file://CVE-2025-68118.patch \
            "
 
 S = "${WORKDIR}/git"