xrdp/xrdp-CVE-2022-23468.patch

From a0b5de1d09ed149cbbee8697f001adbbe9476a06 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Wed, 7 Dec 2022 09:16:44 +0000
Subject: [PATCH 1/9] CVE-2022-23468

Login window - replace g_sprintf() withl g_snprintf() calls
---
 xrdp/xrdp_login_wnd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
index 7a3134fd..28748676 100644
--- a/xrdp/xrdp_login_wnd.c
+++ b/xrdp/xrdp_login_wnd.c
@@ -722,13 +722,13 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
     if (globals->ls_title[0] == 0)
     {
         g_gethostname(buf1, 256);
-        g_sprintf(buf, "Login to %s", buf1);
+        g_snprintf(buf, sizeof(buf), "Login to %s", buf1);
         set_string(&self->login_window->caption1, buf);
     }
     else
     {
         /*self->login_window->caption1 = globals->ls_title[0];*/
-        g_sprintf(buf, "%s", globals->ls_title);
+        g_snprintf(buf, sizeof(buf), "%s", globals->ls_title);
         set_string(&self->login_window->caption1, buf);
     }
 
-- 
2.39.0
Accepting request 1057176 from home:yudaike:branches:X11:RemoteDesktop - xrdp-CVE-2022-23477.patch (bsc#1206301) + Buffer over flow in audin_send_open() function - Security fixes: + xrdp-CVE-2022-23468.patch (bsc#1206300) * Buffer overflow in xrdp_login_wnd_create() + xrdp-CVE-2022-23478.patch (bsc#1206302) * Out of Bound Write in xrdp_mm_trans_process_drdynvc_chan + xrdp-CVE-2022-23479.patch (bsc#1206303) * Buffer overflow in xrdp_mm_chan_data_in() function + xrdp-CVE-2022-23480.patch (bsc#1206306) * Buffer overflow in devredir_proc_client_devlist_announce_req + xrdp-CVE-2022-23481.patch (bsc#1206307) * Out of Bound Read in xrdp_caps_process_confirm_active() + xrdp-CVE-2022-23482.patch (bsc#1206310) + Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() + xrdp-CVE-2022-23483.patch (bsc#1206311) + Out of Bound REad in libxrdp_send_to_channel() + xrdp-CVE-2022-23484.patch (bsc#1206312) + Integer Overflow in xrdp_mm_process_rail_update_window_text() + xrdp-CVE-2022-23493.patch (bsc#1206313) + Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() OBS-URL: https://build.opensuse.org/request/show/1057176 OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=106 2023-01-10 04:10:49 +01:00			`From a0b5de1d09ed149cbbee8697f001adbbe9476a06 Mon Sep 17 00:00:00 2001`
			`From: matt335672 <30179339+matt335672@users.noreply.github.com>`
			`Date: Wed, 7 Dec 2022 09:16:44 +0000`
			`Subject: [PATCH 1/9] CVE-2022-23468`

			`Login window - replace g_sprintf() withl g_snprintf() calls`
			`---`
			`xrdp/xrdp_login_wnd.c \| 4 ++--`
			`1 file changed, 2 insertions(+), 2 deletions(-)`

			`diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c`
			`index 7a3134fd..28748676 100644`
			`--- a/xrdp/xrdp_login_wnd.c`
			`+++ b/xrdp/xrdp_login_wnd.c`
			`@@ -722,13 +722,13 @@ xrdp_login_wnd_create(struct xrdp_wm *self)`
			`if (globals->ls_title[0] == 0)`
			`{`
			`g_gethostname(buf1, 256);`
			`- g_sprintf(buf, "Login to %s", buf1);`
			`+ g_snprintf(buf, sizeof(buf), "Login to %s", buf1);`
			`set_string(&self->login_window->caption1, buf);`
			`}`
			`else`
			`{`
			`/self->login_window->caption1 = globals->ls_title[0];/`
			`- g_sprintf(buf, "%s", globals->ls_title);`
			`+ g_snprintf(buf, sizeof(buf), "%s", globals->ls_title);`
			`set_string(&self->login_window->caption1, buf);`
			`}`

			`--`
			`2.39.0`