diff mbox series

[meta-oe,kirkstone,3/5] freerdp: patch CVE-2024-22211

Message ID 20260122054356.3570391-3-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,kirkstone,1/5] freerdp: add ptest support | expand

Commit Message

Gyorgy Sarvari Jan. 22, 2026, 5:43 a.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22211

Pick the patch that is referenced by the NVD report as the solution.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../freerdp/freerdp/CVE-2024-22211.patch      | 36 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp_2.6.1.bb  |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch
new file mode 100644
index 0000000000..394094be16
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-22211.patch
@@ -0,0 +1,36 @@ 
+From 4d3dcfcf537a32ffbebbdba11a7b0748baec4e31 Mon Sep 17 00:00:00 2001
+From: Armin Novak <anovak@thincast.com>
+Date: Sat, 13 Jan 2024 21:01:55 +0100
+Subject: [PATCH] check resolution for overflow
+
+If the codec resolution is too large return an error as the internal
+buffers would otherwise overflow.
+
+(cherry picked from commit 44edab1deae4f8c901c00a00683f888cef36d853)
+
+CVE: CVE-2024-22211
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfreerdp/codec/planar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
+index 12b9f6daf..58d4e4bae 100644
+--- a/libfreerdp/codec/planar.c
++++ b/libfreerdp/codec/planar.c
+@@ -1486,7 +1486,13 @@ BOOL freerdp_bitmap_planar_context_reset(BITMAP_PLANAR_CONTEXT* context, UINT32
+ 	context->bgr = FALSE;
+ 	context->maxWidth = ALIGN(width, 4);
+ 	context->maxHeight = ALIGN(height, 4);
+-	context->maxPlaneSize = context->maxWidth * context->maxHeight;
++	const UINT64 tmp = (UINT64)context->maxWidth * context->maxHeight;
++	if (tmp > UINT32_MAX)
++	    return FALSE;
++	context->maxPlaneSize = tmp;
++
++	if (context->maxWidth > UINT32_MAX /4)
++	    return FALSE;
+ 	context->nTempStep = context->maxWidth * 4;
+ 	free(context->planesBuffer);
+ 	free(context->pTempData);
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
index e422d46a81..9ad95e1700 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
@@ -31,6 +31,7 @@  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://CVE-2023-40181.patch \
            file://CVE-2023-40569.patch \
            file://CVE-2023-40589.patch \
+           file://CVE-2024-22211.patch \
            "
 
 S = "${WORKDIR}/git"