From patchwork Tue Jan 20 06:47:59 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79123 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73513D2ED0F for ; Tue, 20 Jan 2026 06:48:12 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.1310.1768891686881654050 for ; Mon, 19 Jan 2026 22:48:07 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=JPXac7U2; spf=pass (domain: gmail.com, ip: 209.85.128.45, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-4801c731d0aso28922235e9.1 for ; Mon, 19 Jan 2026 22:48:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768891685; x=1769496485; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=MIbqigSgchYZkkw6a0F91WmRbwtGgaHQFt2b/odxtY4=; b=JPXac7U2lAo0uGfYsS49WCcqPUDZPoU5a/TMbRi7DYM/sIC4nF56Wik3Rgi9tdOR4H zr4xuUzd9PYwpmTIkgBKR8pGCsj29P/soPEXDrUf56NY+FyRmBjIQYbk37M7WZiRxoCj xdJGV4Ru6b0oA6W0b6qXg50NvkINJaN6qBYwAnBU7V4E4hQzLJDk/jQQbAzf62LLgiGx kHRjuIZoh27A2Rbp8/VujuHJwNSZ0gQnZCo3yR9wIO0zOCeo2KOfgaCBmmsWwoossR29 8OiSZhyTEanEMyrJJTPMQ6HTVmeHCoYwPWWkwH+3gEkrKDTlE4wpw77cVx58qnsjS6jx cG7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768891685; x=1769496485; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MIbqigSgchYZkkw6a0F91WmRbwtGgaHQFt2b/odxtY4=; b=Ztd12z1iVl/rIuaxcsA3sbmTwSuHPodlva0Hk9bj37EbY8gF+H4RcZaADd/dy9ZEBH QFg3o8p85NtGwT4kaahMIK8AnKzxH9lqltoVmMImYdbTpxBAgB9Eyx2Npm0MdRjOaq2g ak2Ekr7s5zGwl5fgtdpZjvi868Piu/IYW7DfKY7NO4oCOcdAo//fnFnxd+uPwrR/cNV/ 4LHbmAZ8SOmAAC1fUkCE7BexfI2n0mQGxQoRBLKl5NRMmiafSqxU9L4vimd24TUuecZV 9+ze9739lTg+NUC22oDLkp9tfYXY8bpuT3dL1SsAc6FfbNNiaoUptZ2O7/OmqD7Rlg1x mH0Q== X-Gm-Message-State: AOJu0YzgZ83P/82XeQ/FLELo3b+OpY+0yffs+z5adkPzPTp2ijiKExyC AiGu7Mej9H4Fbj47/8H3HXGezzTOQgj2mNzTN2UqakbOU7oH68NFFgWtWmynTw== X-Gm-Gg: AY/fxX5L0aPrkO7vvXrfr7p7OKuI4KOK9IobWaIkBxQ82rHoMBVF+3wWlYsmWoa7yuZ QfW1fRoKjYg6ITU41FeJkuVJXR4pxQQP5sdjSMEUMsu55/8wXRVsQweakZ+rkjeo6037RfLcTbj dYHG7Ogd6nkLyGqEJLHkwgEyENVFlJKhB5kjzvmpeVVlt3E1oyKEPkeKfpRnd+E2A5pZv5+UGTL ovpSwU3LXyOBn6LbR/9hyul5N2flHJN/QWPvEtYVTzHUzoq8LHPOjr+P01N3QgSlbdtuK3hoFsg v5RzIhQ1m4JuV6wscXmvR0yJaGzliH7hkvwWdCzpcwHsh4ypQ0t8U9Hd6QoSrJsJubNmHQ/7kaM PT0pZylp/VbUUrzL/VhuRD17wb3ZHfnzdHE4ZQI4NGZSa2Ftx9Xt+VCL4CSgWmL9Io31zAfwnmP cOx8SStbFU X-Received: by 2002:a05:600c:c4a5:b0:47e:e7e5:ff32 with SMTP id 5b1f17b1804b1-4802721c0eamr138644165e9.34.1768891684918; Mon, 19 Jan 2026 22:48:04 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43569997f41sm26469633f8f.38.2026.01.19.22.48.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 22:48:04 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 1/5] freerdp: patch CVE-2022-24883 Date: Tue, 20 Jan 2026 07:47:59 +0100 Message-ID: <20260120064803.831507-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 06:48:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123654 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24883 Pick the patch that is mentioned in teh NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../freerdp/freerdp/CVE-2022-24883.patch | 102 ++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 9 +- 2 files changed, 107 insertions(+), 4 deletions(-) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2022-24883.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-24883.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-24883.patch new file mode 100644 index 0000000000..12f5efd8e7 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-24883.patch @@ -0,0 +1,102 @@ +From 3912ccfe5bac0db647b9e1c26b50e75055aee4b9 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Fri, 22 Apr 2022 14:42:11 +0200 +Subject: [PATCH] Cleaned up ntlm_fetch_ntlm_v2_hash + +(cherry picked from commit 4661492e5a617199457c8074bad22f766a116cdc) + +CVE: CVE-2022-24883 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144] +Signed-off-by: Gyorgy Sarvari +--- + winpr/libwinpr/sspi/NTLM/ntlm_compute.c | 60 ++++++++++--------------- + 1 file changed, 24 insertions(+), 36 deletions(-) + +diff --git a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c +index dbd7f7fb0..48c07d5c1 100644 +--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c ++++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c +@@ -206,59 +206,47 @@ void ntlm_generate_timestamp(NTLM_CONTEXT* context) + ntlm_current_time(context->Timestamp); + } + +-static int ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash) ++static BOOL ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash) + { +- WINPR_SAM* sam; +- WINPR_SAM_ENTRY* entry; ++ BOOL rc = FALSE; ++ WINPR_SAM* sam = NULL; ++ WINPR_SAM_ENTRY* entry = NULL; + SSPI_CREDENTIALS* credentials = context->credentials; + sam = SamOpen(context->SamFile, TRUE); + + if (!sam) +- return -1; ++ goto fail; + + entry = SamLookupUserW( +- sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * 2, +- (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * 2); ++ sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * sizeof(WCHAR), ++ (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * sizeof(WCHAR)); + +- if (entry) ++ if (!entry) + { +-#ifdef WITH_DEBUG_NTLM +- WLog_DBG(TAG, "NTLM Hash:"); +- winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16); +-#endif +- NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User, +- credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain, +- credentials->identity.DomainLength * 2, (BYTE*)hash); +- SamFreeEntry(sam, entry); +- SamClose(sam); +- return 1; ++ entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User, ++ credentials->identity.UserLength * sizeof(WCHAR), NULL, 0); + } + +- entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User, +- credentials->identity.UserLength * 2, NULL, 0); +- +- if (entry) +- { ++ if (!entry) ++ goto fail; + #ifdef WITH_DEBUG_NTLM + WLog_DBG(TAG, "NTLM Hash:"); + winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16); + #endif +- NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User, +- credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain, +- credentials->identity.DomainLength * 2, (BYTE*)hash); +- SamFreeEntry(sam, entry); +- SamClose(sam); +- return 1; +- } +- else +- { +- SamClose(sam); +- WLog_ERR(TAG, "Error: Could not find user in SAM database"); +- return 0; +- } ++ NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User, ++ credentials->identity.UserLength * sizeof(WCHAR), ++ (LPWSTR)credentials->identity.Domain, ++ credentials->identity.DomainLength * sizeof(WCHAR), (BYTE*)hash); ++ ++ rc = TRUE; + ++fail: ++ SamFreeEntry(sam, entry); + SamClose(sam); +- return 1; ++ if (!rc) ++ WLog_ERR(TAG, "Error: Could not find user in SAM database"); ++ ++ return rc; + } + + static int ntlm_convert_password_hash(NTLM_CONTEXT* context, BYTE* hash) diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index 9da8b27c0d..2271be3c6c 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -15,10 +15,11 @@ PKGV = "${GITPKGVTAG}" SRCREV = "658a72980f6e93241d927c46cfa664bf2547b8b1" SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \ - file://winpr-makecert-Build-with-install-RPATH.patch \ - file://CVE-2022-39316.patch \ - file://CVE-2022-39318-39319.patch \ -" + file://winpr-makecert-Build-with-install-RPATH.patch \ + file://CVE-2022-39316.patch \ + file://CVE-2022-39318-39319.patch \ + file://CVE-2022-24883.patch \ + " S = "${WORKDIR}/git" From patchwork Tue Jan 20 06:48:00 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79119 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7276AD2ECF7 for ; Tue, 20 Jan 2026 06:48:12 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.1311.1768891687297671372 for ; Mon, 19 Jan 2026 22:48:07 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=nDT/E2iL; spf=pass (domain: gmail.com, ip: 209.85.128.52, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-47ee937ecf2so35608595e9.0 for ; Mon, 19 Jan 2026 22:48:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768891686; x=1769496486; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Wbc3Cmh+J5DTokoRdv7KmNm39Q0ZIs6FEim2iJqp8TM=; b=nDT/E2iLl4Q92SsP/kAaqqGHlnkvLjFuclJiFsUBRAyoLj8GVa5FsYnJJgbHP+7qmQ uUGTcGW8ue+FrpHr5H2XFfgJRX9byqyzbWe2xhA9oRilEhv1MDUZ2f5nsrMB7U6ZyEdP 7tu7Gw8IHA/lMsx4rOQMLlfzrrwtwnCp1MOV851WNE4zFOTaX/3bP1/FHnJFxyAfrK5H RAVsn1nLEf0Onpg4PaXLEzSclher9jt9aBTk2RePZZvi0ec9AT8m0iy7M1vzzrC3Z4rb JmL0L0YtCPnD1m1OJOuVk3ZXohKyRpoQCyvmFinuDBPsCBRHAUm+PI5wypmOyqMXl8q8 iKJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768891686; x=1769496486; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Wbc3Cmh+J5DTokoRdv7KmNm39Q0ZIs6FEim2iJqp8TM=; b=xQNyl/XH956HabvE3hvSgBkZh9aaHRG3/PePJALdmWBb3CKFbT6d8/n6q8zXdi4OPE GowEY8NsA4v//241Z7h50ntIGTCb6J6gHaFv4k8W43xTPyWDWVTF/DrOicPLfygNlPsJ TA6RpAA0HDdI2TE2kBa1xFNY+iHhoD5n5TdJF5vv+xGhlNTMUFSL/MLcxeFCcNNUt+Om +Hlp0EwIx0vi2S9FjLAV17rDE1PN8duMQfonRMC6XqkfvbFpTQNINlJCJ9bjZglOs6Yf xrfBlQlgyzUA0KTV07PBF2X6MWNPBr0JJbJtDPNzPqFnY2STfJ8mx6NtC07diQTovlcx +lmQ== X-Gm-Message-State: AOJu0Yxeh8D2A9PSEOY2h8jtZVI6nrTJ5XPdhw+TqEvRwk4mjIcMwTaB SFyOnUPgaOaluyEd1lTLs9K6WrfeUxTKTu4pHRb8TKUehN5N1JA5r97ziCi4pQ== X-Gm-Gg: AY/fxX7L5P+O1NlF8G+CEWExKJSxcMhxn1ih1VDEoh+Q6y/KSnyL/xI7qzmVqS0kiWf BTULvJ1F8ZPBS8wL7Bhsu1ONzuNOUmEiE0BwEGtCqF06nJ1avziGLAzpgsoI3ZJalkSyzg//Gzl lbvIn9W60q8WFEgbDgzkCtAFx9j8A+46R17kYs+Xu9lfDMv7yutx++ZeckvFPdb2XuLnjJniyfC 5JEsqYaGMoukYl2PGuPviJJAXNBSNy49izlOrp0CFmzrRd3K5qj8VCrrHXb5k1Pt/b6wc/XccCQ X68q5//OBfsxNkn+bB0lNzovWcwXBYQUT73ovjFwV/zlf3HpaP48uCV1xFG2Qv25KyLjG+9pSZ+ bf6xNDiUjxadFi8pHGWfV+RbXooGgqInf2ICpOtbN3FuKjntXrzNwiUib+w1N5c+g+XyFBui7Jq V/F9aaSjTR X-Received: by 2002:a05:600c:1c24:b0:47e:e2b8:66e6 with SMTP id 5b1f17b1804b1-4802590e305mr169604525e9.14.1768891685561; Mon, 19 Jan 2026 22:48:05 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43569997f41sm26469633f8f.38.2026.01.19.22.48.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 22:48:05 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 2/5] freerdp: patch CVE-2022-39282 Date: Tue, 20 Jan 2026 07:48:00 +0100 Message-ID: <20260120064803.831507-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120064803.831507-1-skandigraun@gmail.com> References: <20260120064803.831507-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 06:48:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123655 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39282 Pick the patch that's description matches the CVE description. (Debian also considers the same patch[1] the fix) [1]: https://security-tracker.debian.org/tracker/CVE-2022-39282 Signed-off-by: Gyorgy Sarvari --- .../freerdp/freerdp/CVE-2022-39282.patch | 38 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39282.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39282.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39282.patch new file mode 100644 index 0000000000..b83e64c173 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39282.patch @@ -0,0 +1,38 @@ +From 2dc894cc293a2c4b64176ea0d47587444f9ce9e0 Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Thu, 6 Oct 2022 09:12:40 +0200 +Subject: [PATCH] Fix length checks in parallel driver + +The length requested was not checked against the length read from +the port. + +(cherry picked from commit 094cc5a4596c299595b732effd59ee149181fd61) + +CVE: CVE-2022-39282 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/60aac2abf0740dd36b62712fba91498fd6e055fe] +Signed-off-by: Gyorgy Sarvari +--- + channels/parallel/client/parallel_main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/channels/parallel/client/parallel_main.c b/channels/parallel/client/parallel_main.c +index af3e82703..993605a65 100644 +--- a/channels/parallel/client/parallel_main.c ++++ b/channels/parallel/client/parallel_main.c +@@ -159,7 +159,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp) + return ERROR_INVALID_DATA; + Stream_Read_UINT32(irp->input, Length); + Stream_Read_UINT64(irp->input, Offset); +- buffer = (BYTE*)malloc(Length); ++ buffer = (BYTE*)calloc(Length, sizeof(BYTE)); + + if (!buffer) + { +@@ -178,6 +178,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp) + } + else + { ++ Length = status; + } + + Stream_Write_UINT32(irp->output, Length); diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index 2271be3c6c..9489684e01 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -19,6 +19,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2022-39316.patch \ file://CVE-2022-39318-39319.patch \ file://CVE-2022-24883.patch \ + file://CVE-2022-39282.patch \ " S = "${WORKDIR}/git" From patchwork Tue Jan 20 06:48:01 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79122 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 858A9D2ED15 for ; Tue, 20 Jan 2026 06:48:12 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.1277.1768891687911526372 for ; Mon, 19 Jan 2026 22:48:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=YrhXGGFR; spf=pass (domain: gmail.com, ip: 209.85.128.48, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-47f5c2283b6so32582765e9.1 for ; Mon, 19 Jan 2026 22:48:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768891686; x=1769496486; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=h3fQDnsP6pFuJuKDjUbrBDRnKqSQDGtd994qE+btv9I=; b=YrhXGGFR44P0c2uKxYW6pOlFgE9BsfpH3n2I0K/B9D+1jYe9TfGA500Xf9m1S7haPE cjtuEbhNqSSkUOndzLOOEY3Ry3bI2aJ4NtN8C2N+pFusxURTrNb91aWmUO43E8lTni5n 4vDaa8arpY+2F2iI3kTof2yADiMF+DYlpIXzDb92ZFlU3nqT4bNh0r+3L4am54MOaETy FcNPibGFt0KsXFsL/femIHSGgqnUIvGkWwt9ZVrRj4AyptPGou8qYcopLNRT/WjkCbGP wL6oysiGJtrVOeA85siZrBbrAuZkLP9BU7DPIu2yY/b55XtFQGaOqwfoQ90epYpOgj/B 2O7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768891686; x=1769496486; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=h3fQDnsP6pFuJuKDjUbrBDRnKqSQDGtd994qE+btv9I=; b=nmli1RmeoJWujyWQm4nAzeAMpVYPbP7yAuP+k5dIg67QuqA/yqvFJEp8YiJFsX3q7a cNjpHJHpqOydtGhHDdgecHiSm1XKAOI1U2UDZPzvwJPjGsKGTFYwndz9XeOH1qSE6LY/ BQlowjqIx2l8JTBYKaZ9W2PRE9CMj7t/HLtcF/74nttO7TROXWkGCCXTm3ED99S9Ft1g SzJNVyHDEu0YybMiAjlhBFDx71ZTmSXRoRq2LmCz/sG/1k+kdgroSZUsZKGAZKFzH0Xg bWxOvZm2V35tV2DEDKrY6yTMygRuf8e3GTgmOSrL4KY1it93QSBqhwudfod++b8atioB KKOg== X-Gm-Message-State: AOJu0YyXJeDO9cu7XFeuhgpJGsj3sKWEOHUlqKiNqfJk7DNJggtN1H2D fj1uLwcP4HBuPfIwqQwnuhHnlkXGitj6QqLlLFQCYdM2uGqYQiFWx2T4HXyJyQ== X-Gm-Gg: AY/fxX7Otg+/8hyCenzqasS2mtcY9V8URBx85BLsenK33XDVz41tdx+vLfTXIRgzjml nS3Nd7KiT5lPC5SXbuvjqZn/6db7zsW1LT4Ix3uNbxxhmFSLz0Qppdq/MWmWNHTqaCu0k8/epH7 AIP2EmVYievdOOxWhmhXPWQXwlaA77cc+cUmaJQ09/Dx0ASEz2WSPTq91x4wH5QPpW9wwnffnmc 3If0y5G60DUalxXPSsIShYALq//p6XZdGNUkBenBZyqfWdLU0TRnxiXlvnJPCWNYIGf/lgJyWGf z/3frUlpLC3uyePFEnFEbdUvjqmbwF0cGYNU6v5ERF4rtjxeDZ4pVG+jO6ChZ0QrVzaV0MpFBFm EvDt9ElaSCH+UBMOPLI46sF44GeG433PZjMZNHBET4LsZW+GEQ0JJar6FuzRB1MfZjLsbFzlMwi nIEuDt0AHA/E6ecGIpy4Q= X-Received: by 2002:a05:600c:868f:b0:477:9fcf:3fe3 with SMTP id 5b1f17b1804b1-4803e9fd887mr5783115e9.0.1768891686170; Mon, 19 Jan 2026 22:48:06 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43569997f41sm26469633f8f.38.2026.01.19.22.48.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 22:48:05 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 3/5] freerdp: mark CVE-2022-39317 patched Date: Tue, 20 Jan 2026 07:48:01 +0100 Message-ID: <20260120064803.831507-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120064803.831507-1-skandigraun@gmail.com> References: <20260120064803.831507-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 06:48:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123656 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39317 Both Ubuntu[1] and Red Hat[2] confirms that this vulenrability is fixed by the same patch as CVE-2022-39316. Therefore add this CVE ID to the patch's tag also. [1]: https://ubuntu.com/security/CVE-2022-39317 [2]: https://bugzilla.redhat.com/show_bug.cgi?id=2143643 Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch index a60b2854c8..d13ad42958 100644 --- a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39316.patch @@ -1,5 +1,5 @@ https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 -CVE: CVE-2022-39316 +CVE: CVE-2022-39316 CVE-2022-39317 Upstream-Status: Backport Signed-off-by: Lee Chee Yang From patchwork Tue Jan 20 06:48:02 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79121 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 855FDD2ED11 for ; Tue, 20 Jan 2026 06:48:12 +0000 (UTC) Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.1278.1768891688602109723 for ; Mon, 19 Jan 2026 22:48:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=eUZQxILB; spf=pass (domain: gmail.com, ip: 209.85.221.43, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-42fb0fc5aa9so2816193f8f.1 for ; Mon, 19 Jan 2026 22:48:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768891687; x=1769496487; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OFGsBkxInggTrU5WPzq/Hxx70ShUXynncy9dYGVeSaM=; b=eUZQxILB2lC2gMltSfB2Gk+xtTYfGCdX63YlBF0KzeYkEjnwBcrsRd4InzR/Jivh1f GGTn7T+RS4Fn48KBDRDCMdeVhY0fYJfYveDo83BjN60pF6ZebIfYsdR3QYRYhnrFiNcN mjyBwtbmoHPmqCTqqJKN5lBLajDcFpDEC7V5JsiGf034WC2QQY1YFd6lwqXbU5Pqkoqq rBKzvrSIavTXTX94pWAlXtT6nga3zQhLUCwEqz91tfPEt2YXCs9SCIWUP/yQTmsX674a HVH9kMziIL+zLICRbkMuOQYKjLSg9YDYVT5PzB0dJohnHJLmS3TSe6lz0Pu/XKZMeNST u+fA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768891687; x=1769496487; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OFGsBkxInggTrU5WPzq/Hxx70ShUXynncy9dYGVeSaM=; b=B7tp/umknaQC6MSK9AQrnfbyk5Xx7OUky1OLXQCfxWMxKXKySwBzHhBtbxeqydLjqS Xlax1iKkaVd2Awsh2Ws1H+COx000YBtwSw+96DY950KWfrhQNAtlsWOstNqSbEdypqDu gqK3O7HCkU96qnixbbnDE1fZAceCTbxpvYvwBJ9+cu6osLl23uqKFikWNzwOa3qoRi46 s8ve/yi6dzJzcS+/oE/E/ajs00NImOGhKuvl93CpcGDqI+FV6yR2zwOA077bdhkFQsy/ vTPGcIHjHtcAgLtxPBnu69zQgVJ9Jm02DJNfXk3Wyx60Rljw6jxidhk8iu/z3Y0gm9DG SCJg== X-Gm-Message-State: AOJu0YzLf+uNInp3IhVwEyTZhF+220Jlz9UWAsvE/z7CcFvvLLppkggn Cwo8ho6x2BW/zMt1VQKMkUz0nVva/2jYXKSuJYonW55OiVHTxHaTQ+UgSUQJKA== X-Gm-Gg: AZuq6aJRZm4CWA4j0bALLaw7L3izd7IUpLtyD9Z29/vQfVWhgRwrtCbsrqstGKZIfxE MoQJ9i6u+qp6fCPiOxPdd7f+D6csbruhzKX2H/s/YMcrwVSOR3tcJKM6O8fWdxt2Gf87U6zQpCg 6VXa7OkttWecaX9Z0F20LiZhbg4FYgnQYyS/Obg06d9aZtAv7D1Rdikebu1EkwfCV3wcXQQ53L+ QWuBVIcC2Lzg5xjJA1XQoi7xlVlsWDzjdK5DWmE8Db+gSRta7P26S52wxjGGdARortbqX8i2Mu/ Ab1nu2J+sJgfCi501hZ7sY93oQXoufAwVaZwtJZZ8hhNSiAmHBuBYEbCoJpLISS56M5WNHHlurs DQJYC5re3GnNJOqqp6R88u9jq4Td/1x2BGxFDj6//u8+0wJmEv9PVJZx3TcmhV86qIkh9e6vZhl UjlRL/b0oM X-Received: by 2002:a05:6000:268a:b0:430:f2ee:b220 with SMTP id ffacd0b85a97d-4356a029b02mr17727614f8f.19.1768891686910; Mon, 19 Jan 2026 22:48:06 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43569997f41sm26469633f8f.38.2026.01.19.22.48.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 22:48:06 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 4/5] freerdp: patch CVE-2022-39320 Date: Tue, 20 Jan 2026 07:48:02 +0100 Message-ID: <20260120064803.831507-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120064803.831507-1-skandigraun@gmail.com> References: <20260120064803.831507-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 06:48:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123657 Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39320 Take the patch that Debian has determined[1] to solve the issue. [1]: https://security-tracker.debian.org/tracker/CVE-2022-39320 Signed-off-by: Gyorgy Sarvari --- .../freerdp/freerdp/CVE-2022-39320.patch | 33 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39320.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39320.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39320.patch new file mode 100644 index 0000000000..a668ad024d --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39320.patch @@ -0,0 +1,33 @@ +From e9bbd8de33f8640abbd578fb511180853c4dccba Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Thu, 13 Oct 2022 08:36:26 +0200 +Subject: [PATCH] Ensure urb_create_iocompletion uses size_t for calculation + +(cherry picked from commit de7e0f062ee53d00b4a966a43855a716e3478150) + +CVE: CVE-2022-39320 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/68c6a8c1878b5294aecb04d5e27531a720b3793f] +Signed-off-by: Gyorgy Sarvari +--- + channels/urbdrc/client/data_transfer.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c +index 9a44e6e09..82fdc729e 100644 +--- a/channels/urbdrc/client/data_transfer.c ++++ b/channels/urbdrc/client/data_transfer.c +@@ -97,7 +97,13 @@ static wStream* urb_create_iocompletion(UINT32 InterfaceField, UINT32 MessageId, + UINT32 OutputBufferSize) + { + const UINT32 InterfaceId = (STREAM_ID_PROXY << 30) | (InterfaceField & 0x3FFFFFFF); +- wStream* out = Stream_New(NULL, OutputBufferSize + 28); ++ ++#if UINT32_MAX >= SIZE_MAX ++ if (OutputBufferSize > UINT32_MAX - 28ull) ++ return NULL; ++#endif ++ ++ wStream* out = Stream_New(NULL, OutputBufferSize + 28ull); + + if (!out) + return NULL; diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index 9489684e01..7cadae3d45 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -20,6 +20,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2022-39318-39319.patch \ file://CVE-2022-24883.patch \ file://CVE-2022-39282.patch \ + file://CVE-2022-39320.patch \ " S = "${WORKDIR}/git" From patchwork Tue Jan 20 06:48:03 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 79120 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7636ED2ECF9 for ; Tue, 20 Jan 2026 06:48:12 +0000 (UTC) Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.1279.1768891689240505315 for ; Mon, 19 Jan 2026 22:48:09 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=PnpWbs+W; spf=pass (domain: gmail.com, ip: 209.85.221.49, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-42fbc544b09so3233103f8f.1 for ; Mon, 19 Jan 2026 22:48:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768891688; x=1769496488; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NqQGVlaaLhgBnDSa2U8VizLIuUYwtt2gSuGVwWaTBGU=; b=PnpWbs+WBzDBTSRYteYkNTqi30E16OD1mzHv8WzQu5WmAKTaNj6lSN0tEDONW33sXH dH+THIhV+F03QM15TZnjrXDd+ycmMK/yGkrwziam+vDv64g2RWKbRsBK5dwz1SBxSuyo I92D88n8gr5EJfnob/K2MMg0InqXkficJ1eZbh8JHpLTNWDTs/OsTwbuP4ekgRU0DQ1V YB3otCBumbUBCmnTTEHdznxe5h0eKxR03uGKKj7+F0QIYUYh1/KciEoKsbapm3A10r2f Phpqj0c+pUWTBGmGeglwiTZ9JR1oAJKOcZ8R5/Fv7h+x7ZnS/lKrkWu3lfsqZDZ3ii3E ZrAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768891688; x=1769496488; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=NqQGVlaaLhgBnDSa2U8VizLIuUYwtt2gSuGVwWaTBGU=; b=Ud+9kYeVswPUt58efbUM/OVt3D5tUEhS3knfTqZzmNGaR2i5nF/WapWrOeXzu67AJd zbPm4XI4K1dgrL7ikNwRybaFIGySdCrHTYvr9bowGUf8OQHBgAo/8l7qKwzXl6HNxEpk 4yO/p/TG7d6KBQsoJqWAla7uGnFls5dJQ6aWRYNfQEHBxOWUWHEHmhF+qv0NSxgvcL5r TTT9NiO/xnl97bvyFvrJKaGmWrgeh+Ghd9U5e93FqC/TQATfLCBrDQspS2lKNolPkr2W H8NVLL382JCmarWPrtpd6jiv5QUZw7GArJwX7sHRUeckL7uJTQtwHT+LOzEWTLomz7sF S2mA== X-Gm-Message-State: AOJu0Yx6rhdSq6Q2Ob9Qbf/5//B1AVH27DjM5cwqLOP9J2Q6Se293Gq+ IFXdCuE4UdPGEB6yRa5XIP10XHXV6Jgi6OIAjyoPF/CAO3UHLlNv6htKya1psg== X-Gm-Gg: AZuq6aJmUSRLzgJm4cZPEimKUh74c5ids+KjSlmsFrw7n00UU7SwKFqmqSOXTCaODIM ZARj6ZIvSN4X/OwQ7ZiB158FA6qFsqz+7N0Qcz7lh3RcOVGApuPKhGQbM4izW2peOmesyYl1ZLG vXqf80k5D+9v+/UtNfqs/s8Q1ht0f5aHswBhG2VLQ+EoSFGt4O2NJID2zuh1xllcdvUgyqLgozN LtI1sGcp1HJvwCxU0pECvMCdpTUp1y5Fd5CoRXnMS/OptJJz8GiCEiQ1ekdAmegDvgJBzdjO9sD VoXAns6r8EYesnREGB5mu3uj8HcWAGw47bCx7YNCwn3Z6y1+u2B1p8hZaYtwjAtFNUfM+YBjQEc 3613sjTUW9WI2Mu2Cxt2JdvkQ8KCF5SMfidjKo927Gt3gGlAizaHjBzJnO4ZmAwLhFVoe1gS2tr GBtUfgVY8q X-Received: by 2002:a05:6000:402a:b0:42f:b581:c69a with SMTP id ffacd0b85a97d-4358ff1c1f1mr1017589f8f.5.1768891687512; Mon, 19 Jan 2026 22:48:07 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43569997f41sm26469633f8f.38.2026.01.19.22.48.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 19 Jan 2026 22:48:07 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 5/5] freerdp: patch CVE-2023-39350 Date: Tue, 20 Jan 2026 07:48:03 +0100 Message-ID: <20260120064803.831507-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260120064803.831507-1-skandigraun@gmail.com> References: <20260120064803.831507-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 06:48:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123658 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39350 Pick the patch that's mentioned by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../freerdp/freerdp/CVE-2023-39350.patch | 53 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39350.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39350.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39350.patch new file mode 100644 index 0000000000..17a4aacb32 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2023-39350.patch @@ -0,0 +1,53 @@ +From 944994cb41d62ea893bd8bdaf436e97f42965de0 Mon Sep 17 00:00:00 2001 +From: Armin Novak +Date: Sat, 5 Aug 2023 08:57:28 +0200 +Subject: [PATCH] check indices are within range + +reported by @pwn2carr + +CVE: CVE-2023-39350 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc] +Signed-off-by: Gyorgy Sarvari +--- + libfreerdp/codec/rfx.c | 25 ++++++++++++++++++++++++- + 1 file changed, 24 insertions(+), 1 deletion(-) + +diff --git a/libfreerdp/codec/rfx.c b/libfreerdp/codec/rfx.c +index 8c65e7508..998a7aa56 100644 +--- a/libfreerdp/codec/rfx.c ++++ b/libfreerdp/codec/rfx.c +@@ -932,10 +932,33 @@ static BOOL rfx_process_message_tileset(RFX_CONTEXT* context, RFX_MESSAGE* messa + rc = FALSE; + break; + } +- + Stream_Read_UINT8(&sub, tile->quantIdxY); /* quantIdxY (1 byte) */ + Stream_Read_UINT8(&sub, tile->quantIdxCb); /* quantIdxCb (1 byte) */ + Stream_Read_UINT8(&sub, tile->quantIdxCr); /* quantIdxCr (1 byte) */ ++ if (tile->quantIdxY >= context->numQuant) ++ { ++ WLog_Print(context->priv->log, WLOG_ERROR, ++ "quantIdxY %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxY, ++ context->numQuant); ++ rc = FALSE; ++ break; ++ } ++ if (tile->quantIdxCb >= context->numQuant) ++ { ++ WLog_Print(context->priv->log, WLOG_ERROR, ++ "quantIdxCb %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxCb, ++ context->numQuant); ++ rc = FALSE; ++ break; ++ } ++ if (tile->quantIdxCr >= context->numQuant) ++ { ++ WLog_Print(context->priv->log, WLOG_ERROR, ++ "quantIdxCr %" PRIu8 " >= numQuant %" PRIu8, tile->quantIdxCr, ++ context->numQuant); ++ rc = FALSE; ++ break; ++ } + Stream_Read_UINT16(&sub, tile->xIdx); /* xIdx (2 bytes) */ + Stream_Read_UINT16(&sub, tile->yIdx); /* yIdx (2 bytes) */ + Stream_Read_UINT16(&sub, tile->YLen); /* YLen (2 bytes) */ diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index 7cadae3d45..a104f33e52 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -21,6 +21,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2022-24883.patch \ file://CVE-2022-39282.patch \ file://CVE-2022-39320.patch \ + file://CVE-2023-39350.patch \ " S = "${WORKDIR}/git"