new file mode 100644
@@ -0,0 +1,78 @@
+From 2fbc0cde4383a13089ccaddfb7ec60b2f740aab2 Mon Sep 17 00:00:00 2001
+From: matt335672 <30179339+matt335672@users.noreply.github.com>
+Date: Thu, 18 Dec 2025 11:37:30 +0000
+Subject: [PATCH] CVE-2025-68670: Buffer overflow parsing domain
+
+A potential overflow in xrdp_wm_parse_domain_information() is
+addressed
+
+CVE: CVE-2025-68670
+Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/dd4b56c9873bd246ba3d815522b27d90c99fcc30]
+(cherry picked from commit dd4b56c9873bd246ba3d815522b27d90c99fcc30)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ xrdp/xrdp_login_wnd.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
+index 28748676..1fe9ea50 100644
+--- a/xrdp/xrdp_login_wnd.c
++++ b/xrdp/xrdp_login_wnd.c
+@@ -277,7 +277,8 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd)
+ */
+ static int
+ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
+- int decode, char *resultBuffer)
++ int decode,
++ char *resultBuffer, unsigned int resultSize)
+ {
+ int ret;
+ int pos;
+@@ -287,8 +288,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
+ /* If the first char in the domain name is '_' we use the domain
+ name as IP*/
+ ret = 0; /* default return value */
+- /* resultBuffer assumed to be 256 chars */
+- g_memset(resultBuffer, 0, 256);
++ g_memset(resultBuffer, 0, resultSize);
+ if (originalDomainInfo[0] == '_')
+ {
+ /* we try to locate a number indicating what combobox index the user
+@@ -298,7 +298,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
+ * Invalid chars are ignored in microsoft client therefore we use '_'
+ * again. this sec '__' contains the split for index.*/
+ pos = g_pos(&originalDomainInfo[1], "__");
+- if (pos > 0)
++ if (pos > 0 && (unsigned int)pos < resultSize)
+ {
+ /* an index is found we try to use it */
+ LOG(LOG_LEVEL_DEBUG, "domain contains index char __");
+@@ -325,7 +325,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
+ else
+ {
+ LOG(LOG_LEVEL_DEBUG, "domain does not contain _");
+- g_strncpy(resultBuffer, &originalDomainInfo[1], 255);
++ g_strncpy(resultBuffer, &originalDomainInfo[1], resultSize - 1);
+ }
+ }
+ return ret;
+@@ -450,7 +450,8 @@ xrdp_wm_show_edits(struct xrdp_wm *self, struct xrdp_bitmap *combo)
+ {
+ xrdp_wm_parse_domain_information(
+ self->session->client_info->domain,
+- combo->data_list->count, 0, resultIP);
++ combo->data_list->count, 0,
++ resultIP, sizeof(resultIP));
+ g_strncpy(b->caption1, resultIP, 255);
+ b->edit_pos = g_mbstowcs(0, b->caption1, 0);
+ }
+@@ -875,7 +876,8 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
+ combo->item_index = xrdp_wm_parse_domain_information(
+ self->session->client_info->domain,
+ combo->data_list->count, 1,
+- resultIP /* just a dummy place holder, we ignore */ );
++ resultIP,/* just a dummy place holder, we ignore */
++ sizeof(resultIP));
+ xrdp_wm_show_edits(self, combo);
+
+ return 0;
@@ -29,6 +29,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
file://CVE-2022-23493.patch \
file://CVE-2023-40184.patch \
file://CVE-2023-42822.patch \
+ file://CVE-2025-68670.patch \
"
SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"