pool/xrdp
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

Add xrdp-CVE-2025-68670.patch #1

Manually merged
pool merged 1 commits from xiaoguang_wang/xrdp:leap-16.0 into leap-16.0 2026-02-03 15:27:47 +01:00
Conversation 9 Commits 1 Files Changed 3 +77
3 changed files with 77 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
xrdp-CVE-2025-68670.patch Normal file
View File

@@ -0,0 +1,68 @@
diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
index 5df3232..018b38b 100644
--- a/xrdp/xrdp_login_wnd.c
+++ b/xrdp/xrdp_login_wnd.c
@@ -277,7 +277,8 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd)
*/
static int
xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
- int decode, char *resultBuffer)
+ int decode,
+ char *resultBuffer, unsigned int resultSize)
{
int ret;
int pos;
@@ -287,8 +288,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
/* If the first char in the domain name is '_' we use the domain
name as IP*/
ret = 0; /* default return value */
- /* resultBuffer assumed to be 256 chars */
- g_memset(resultBuffer, 0, 256);
+ g_memset(resultBuffer, 0, resultSize);
if (originalDomainInfo[0] == '_')
{
/* we try to locate a number indicating what combobox index the user
@@ -298,7 +298,7 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
* Invalid chars are ignored in microsoft client therefore we use '_'
* again. this sec '__' contains the split for index.*/
pos = g_pos(&originalDomainInfo[1], "__");
- if (pos > 0)
+ if (pos > 0 && (unsigned int)pos < resultSize)
{
/* an index is found we try to use it */
LOG(LOG_LEVEL_DEBUG, "domain contains index char __");
@@ -320,12 +320,12 @@ xrdp_wm_parse_domain_information(char *originalDomainInfo, int comboMax,
}
}
/* pos limit the String to only contain the IP */
- g_strncpy(resultBuffer, &originalDomainInfo[1], pos);
+ strlcpy(resultBuffer, &originalDomainInfo[1], pos + 1);
}
else
{
LOG(LOG_LEVEL_DEBUG, "domain does not contain _");
- g_strncpy(resultBuffer, &originalDomainInfo[1], 255);
+ strlcpy(resultBuffer, &originalDomainInfo[1], resultSize);
}
}
return ret;
@@ -450,7 +450,8 @@ xrdp_wm_show_edits(struct xrdp_wm *self, struct xrdp_bitmap *combo)
{
xrdp_wm_parse_domain_information(
self->session->client_info->domain,
- combo->data_list->count, 0, resultIP);
+ combo->data_list->count, 0,
+ resultIP, sizeof(resultIP));
g_strncpy(b->caption1, resultIP, 255);
b->edit_pos = g_mbstowcs(0, b->caption1, 0);
}
@@ -875,7 +876,8 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
combo->item_index = xrdp_wm_parse_domain_information(
self->session->client_info->domain,
combo->data_list->count, 1,
- resultIP /* just a dummy place holder, we ignore */ );
+ resultIP,/* just a dummy place holder, we ignore */
+ sizeof(resultIP));
xrdp_wm_show_edits(self, combo);
return 0;

6
xrdp.changes
View File

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jan 30 06:19:37 UTC 2026 - Xiaoguang Wang <xiaoguang.wang@suse.com>
- Add xrdp-CVE-2025-68670.patch: Fix a potential overflow
(bsc#1257362 CVE-2025-68670).
-------------------------------------------------------------------
Sat May 3 20:51:12 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>

3
xrdp.spec
View File

@@ -43,6 +43,8 @@ Patch4: xrdp-disable-8-bpp-vnc-support.patch
Patch5: xrdp-support-KillDisconnected-for-Xvnc.patch
# PATCH-FIX-OPENSUSE xrdp-systemd-services.patch boo#1138954 boo#1144327 - fezhang@suse.com -- Let systemd handle the daemons
Patch6: xrdp-systemd-services.patch
# PATCH-FIX-UPSTREAM xrdp-CVE-2025-68670.patch bsc#1257362 - xwang@suse.com -- Fix a potential overflow
Patch7: xrdp-CVE-2025-68670.patch
# Keep SLE only patches on the bottom starting from patch number 1001
# PATCH-FEATURE-SLE xrdp-avahi.diff bnc#586785 - hfiguiere@novell.com -- Add Avahi support.
@@ -105,6 +107,7 @@ This package contains libraries for the JPEG2000 codec for RDP.
%patch -P 4 -p1
%patch -P 5 -p1
%patch -P 6 -p1
%patch -P 7 -p1
%if 0%{?sle_version}
%patch -P 1001 -p1
%patch -P 1002 -p1