
[meta-oe,kirkstone,1/5] freerdp: patch CVE-2022-24883

Message ID 20260120064803.831507-1-skandigraun@gmail.com
State New

Commit Message

Gyorgy Sarvari Jan. 20, 2026, 6:47 a.m. UTC
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24883

Pick the patch that is mentioned in the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../freerdp/freerdp/CVE-2022-24883.patch      | 102 ++++++++++++++++++
 .../recipes-support/freerdp/freerdp_2.6.1.bb  |   9 +-
 2 files changed, 107 insertions(+), 4 deletions(-)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2022-24883.patch

Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-24883.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-24883.patch
new file mode 100644
index 0000000000..12f5efd8e7
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-24883.patch
@@ -0,0 +1,102 @@ 
+From 3912ccfe5bac0db647b9e1c26b50e75055aee4b9 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Fri, 22 Apr 2022 14:42:11 +0200
+Subject: [PATCH] Cleaned up ntlm_fetch_ntlm_v2_hash
+
+(cherry picked from commit 4661492e5a617199457c8074bad22f766a116cdc)
+
+CVE: CVE-2022-24883
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ winpr/libwinpr/sspi/NTLM/ntlm_compute.c | 60 ++++++++++---------------
+ 1 file changed, 24 insertions(+), 36 deletions(-)
+
+diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+index dbd7f7fb0..48c07d5c1 100644
+--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
++++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+@@ -206,59 +206,47 @@ void ntlm_generate_timestamp(NTLM_CONTEXT* context)
+ 		ntlm_current_time(context->Timestamp);
+ }
+ 
+-static int ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
++static BOOL ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
+ {
+-	WINPR_SAM* sam;
+-	WINPR_SAM_ENTRY* entry;
++	BOOL rc = FALSE;
++	WINPR_SAM* sam = NULL;
++	WINPR_SAM_ENTRY* entry = NULL;
+ 	SSPI_CREDENTIALS* credentials = context->credentials;
+ 	sam = SamOpen(context->SamFile, TRUE);
+ 
+ 	if (!sam)
+-		return -1;
++		goto fail;
+ 
+ 	entry = SamLookupUserW(
+-	    sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * 2,
+-	    (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * 2);
++	    sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * sizeof(WCHAR),
++	    (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * sizeof(WCHAR));
+ 
+-	if (entry)
++	if (!entry)
+ 	{
+-#ifdef WITH_DEBUG_NTLM
+-		WLog_DBG(TAG, "NTLM Hash:");
+-		winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
+-#endif
+-		NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
+-		                 credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
+-		                 credentials->identity.DomainLength * 2, (BYTE*)hash);
+-		SamFreeEntry(sam, entry);
+-		SamClose(sam);
+-		return 1;
++		entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
++				       credentials->identity.UserLength * sizeof(WCHAR), NULL, 0);
+ 	}
+ 
+-	entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
+-	                       credentials->identity.UserLength * 2, NULL, 0);
+-
+-	if (entry)
+-	{
++	if (!entry)
++		goto fail;
+ #ifdef WITH_DEBUG_NTLM
+ 		WLog_DBG(TAG, "NTLM Hash:");
+ 		winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
+ #endif
+-		NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
+-		                 credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
+-		                 credentials->identity.DomainLength * 2, (BYTE*)hash);
+-		SamFreeEntry(sam, entry);
+-		SamClose(sam);
+-		return 1;
+-	}
+-	else
+-	{
+-		SamClose(sam);
+-		WLog_ERR(TAG, "Error: Could not find user in SAM database");
+-		return 0;
+-	}
++	    NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
++			     credentials->identity.UserLength * sizeof(WCHAR),
++			     (LPWSTR)credentials->identity.Domain,
++			     credentials->identity.DomainLength * sizeof(WCHAR), (BYTE*)hash);
++
++	    rc = TRUE;
+ 
++fail:
++	SamFreeEntry(sam, entry);
+ 	SamClose(sam);
+-	return 1;
++	if (!rc)
++		WLog_ERR(TAG, "Error: Could not find user in SAM database");
++
++	return rc;
+ }
+ 
+ static int ntlm_convert_password_hash(NTLM_CONTEXT* context, BYTE* hash)
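Review bot: The return convention of `ntlm_fetch_ntlm_v2_hash` changes from `int` (-1 when `SamOpen` fails, 0 when the user is not found, 1 on success) to `BOOL`, yet the backported patch touches no caller, so any call site in 2.6.1 that still tests the result with `< 0` would treat both failure cases as success. The call sites are outside this hunk; because the CVE concerns the authentication result, it is worth confirming that they compare against `FALSE` before relying on this patch alone. Separately, the `fail:` path logs `Could not find user in SAM database` even when `SamOpen` itself failed, which hides a misconfigured SAM path. A distinct message before the first `goto fail`, for example `WLog_ERR(TAG, "Error: Could not open SAM file");`, would make that case visible. `rc = TRUE` is also set without looking at the result of `NTOWFv2FromHashW`, so a failure there (if it can report one) would still be returned as success.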
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
index 9da8b27c0d..2271be3c6c 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
@@ -15,10 +15,11 @@  PKGV = "${GITPKGVTAG}"
 
 SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1"
 SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
-    file://winpr-makecert-Build-with-install-RPATH.patch \
-    file://CVE-2022-39316.patch \
-    file://CVE-2022-39318-39319.patch \
-"
+           file://winpr-makecert-Build-with-install-RPATH.patch \
+           file://CVE-2022-39316.patch \
+           file://CVE-2022-39318-39319.patch \
+           file://CVE-2022-24883.patch \
+           "
 
 S = "${WORKDIR}/git"