Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39282
Pick the patch that's description matches the CVE description. (Debian also considers the same patch[1] the fix) [1]: https://security-tracker.debian.org/tracker/CVE-2022-39282 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../freerdp/freerdp/CVE-2022-39282.patch | 38 +++++++++++++++++++ .../recipes-support/freerdp/freerdp_2.6.1.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39282.patch diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39282.patch b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39282.patch new file mode 100644 index 0000000000..b83e64c173 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39282.patch @@ -0,0 +1,38 @@ +From 2dc894cc293a2c4b64176ea0d47587444f9ce9e0 Mon Sep 17 00:00:00 2001 +From: akallabeth <[email protected]> +Date: Thu, 6 Oct 2022 09:12:40 +0200 +Subject: [PATCH] Fix length checks in parallel driver + +The length requested was not checked against the length read from +the port. + +(cherry picked from commit 094cc5a4596c299595b732effd59ee149181fd61) + +CVE: CVE-2022-39282 +Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/60aac2abf0740dd36b62712fba91498fd6e055fe] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + channels/parallel/client/parallel_main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/channels/parallel/client/parallel_main.c b/channels/parallel/client/parallel_main.c +index af3e82703..993605a65 100644 +--- a/channels/parallel/client/parallel_main.c ++++ b/channels/parallel/client/parallel_main.c +@@ -159,7 +159,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp) + return ERROR_INVALID_DATA; + Stream_Read_UINT32(irp->input, Length); + Stream_Read_UINT64(irp->input, Offset); +- buffer = (BYTE*)malloc(Length); ++ buffer = (BYTE*)calloc(Length, sizeof(BYTE)); + + if (!buffer) + { +@@ -178,6 +178,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp) + } + else + { ++ Length = status; + } + + Stream_Write_UINT32(irp->output, Length); diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb index 2271be3c6c..9489684e01 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb @@ -19,6 +19,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https file://CVE-2022-39316.patch \ file://CVE-2022-39318-39319.patch \ file://CVE-2022-24883.patch \ + file://CVE-2022-39282.patch \ " S = "${WORKDIR}/git"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123655): https://lists.openembedded.org/g/openembedded-devel/message/123655 Mute This Topic: https://lists.openembedded.org/mt/117359791/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
