[oe] [meta-oe][kirkstone][PATCH 4/5] freerdp: patch CVE-2022-39320

Gyorgy Sarvari via lists.openembedded.org Mon, 19 Jan 2026 22:48:15 -0800

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39320


Take the patch that Debian has determined[1] to solve the issue.

[1]: https://security-tracker.debian.org/tracker/CVE-2022-39320

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../freerdp/freerdp/CVE-2022-39320.patch      | 33 +++++++++++++++++++
 .../recipes-support/freerdp/freerdp_2.6.1.bb  |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39320.patch

diff --git a/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39320.patch 
b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39320.patch
new file mode 100644
index 0000000000..a668ad024d
--- /dev/null
+++ b/meta-oe/recipes-support/freerdp/freerdp/CVE-2022-39320.patch
@@ -0,0 +1,33 @@
+From e9bbd8de33f8640abbd578fb511180853c4dccba Mon Sep 17 00:00:00 2001
+From: akallabeth <[email protected]>
+Date: Thu, 13 Oct 2022 08:36:26 +0200
+Subject: [PATCH] Ensure urb_create_iocompletion uses size_t for calculation
+
+(cherry picked from commit de7e0f062ee53d00b4a966a43855a716e3478150)
+
+CVE: CVE-2022-39320
+Upstream-Status: Backport 
[https://github.com/FreeRDP/FreeRDP/commit/68c6a8c1878b5294aecb04d5e27531a720b3793f]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ channels/urbdrc/client/data_transfer.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/channels/urbdrc/client/data_transfer.c 
b/channels/urbdrc/client/data_transfer.c
+index 9a44e6e09..82fdc729e 100644
+--- a/channels/urbdrc/client/data_transfer.c
++++ b/channels/urbdrc/client/data_transfer.c
+@@ -97,7 +97,13 @@ static wStream* urb_create_iocompletion(UINT32 
InterfaceField, UINT32 MessageId,
+                                         UINT32 OutputBufferSize)
+ {
+       const UINT32 InterfaceId = (STREAM_ID_PROXY << 30) | (InterfaceField & 
0x3FFFFFFF);
+-      wStream* out = Stream_New(NULL, OutputBufferSize + 28);
++
++#if UINT32_MAX >= SIZE_MAX
++      if (OutputBufferSize > UINT32_MAX - 28ull)
++              return NULL;
++#endif
++
++      wStream* out = Stream_New(NULL, OutputBufferSize + 28ull);
+ 
+       if (!out)
+               return NULL;
diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb 
b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
index 9489684e01..7cadae3d45 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.6.1.bb
@@ -20,6 +20,7 @@ SRC_URI = 
"git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
            file://CVE-2022-39318-39319.patch \
            file://CVE-2022-24883.patch \
            file://CVE-2022-39282.patch \
+           file://CVE-2022-39320.patch \
            "
 
 S = "${WORKDIR}/git"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#123657): 
https://lists.openembedded.org/g/openembedded-devel/message/123657
Mute This Topic: https://lists.openembedded.org/mt/117359793/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][kirkstone][PATCH 4/5] freerdp: patch CVE-2022-39320

Reply via email to