diff mbox series

[meta-oe,kirkstone,5/5] freerdp: patch CVE-2024-32040

Message ID 20260122054356.3570391-5-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,kirkstone,1/5] freerdp: add ptest support | expand

Commit Message

Gyorgy Sarvari Jan. 22, 2026, 5:43 a.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32040

Pick the patch that is marked to resolve this vulnerability, from
the related Github advisory[1].

[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../freerdp/freerdp/CVE-2024-32040.patch      | 30 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp_2.6.1.bb  |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch
new file mode 100644
index 0000000000..670cad23f0
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2024-32040.patch
@@ -0,0 +1,30 @@ 
+From a7e801f42a3a71332cca22aedccfcda378b8dfcc Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Tue, 16 Apr 2024 08:26:37 +0200
+Subject: [PATCH] fix missing check
+
+in nsc_rle_decode abort if there are more bytes to be read then there
+are left.
+
+(cherry picked from commit fb4f2d6e4db563077afcae4d270ba78ff905f6cf)
+
+CVE: CVE-2024-32040
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/5893b5f277db38b0040c572b078de838b84cfc07]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfreerdp/codec/nsc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libfreerdp/codec/nsc.c b/libfreerdp/codec/nsc.c
+index dc3a978ed..007364ee7 100644
+--- a/libfreerdp/codec/nsc.c
++++ b/libfreerdp/codec/nsc.c
+@@ -147,7 +147,7 @@ static BOOL nsc_rle_decode(BYTE* in, BYTE* out, UINT32 outSize, UINT32 originalS
+ 				len |= ((UINT32)(*in++)) << 24U;
+ 			}
+ 
+-			if (outSize < len)
++			if ((outSize < len) || (left < len))
+ 				return FALSE;
+ 
+ 			outSize -= len;
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
index c616a55958..06aac0325f 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
@@ -33,6 +33,7 @@  SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://CVE-2023-40589.patch \
            file://CVE-2024-22211.patch \
            file://CVE-2024-32039.patch \
+           file://CVE-2024-32040.patch \
            "
 
 S = "${WORKDIR}/git"