pool/xrdp
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b6769c9e38
xrdp/xrdp-CVE-2022-23468.patch
Yifan Jiang f0ddc89311 Accepting request 1057176 from home:yudaike:branches:X11:RemoteDesktop 
- xrdp-CVE-2022-23477.patch (bsc#1206301)
  + Buffer over flow in audin_send_open() function

- Security fixes:
  + xrdp-CVE-2022-23468.patch (bsc#1206300)
    * Buffer overflow in xrdp_login_wnd_create()
  + xrdp-CVE-2022-23478.patch (bsc#1206302)
    * Out of Bound Write in xrdp_mm_trans_process_drdynvc_chan
  + xrdp-CVE-2022-23479.patch (bsc#1206303)
    * Buffer overflow in xrdp_mm_chan_data_in() function
  + xrdp-CVE-2022-23480.patch (bsc#1206306)
    * Buffer overflow in devredir_proc_client_devlist_announce_req
  + xrdp-CVE-2022-23481.patch (bsc#1206307)
    * Out of Bound Read in xrdp_caps_process_confirm_active()
  + xrdp-CVE-2022-23482.patch (bsc#1206310)
    + Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE()
  + xrdp-CVE-2022-23483.patch (bsc#1206311)
    + Out of Bound REad in libxrdp_send_to_channel()
  + xrdp-CVE-2022-23484.patch (bsc#1206312)
    + Integer Overflow in xrdp_mm_process_rail_update_window_text()
  + xrdp-CVE-2022-23493.patch (bsc#1206313)
    + Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close()

OBS-URL: https://build.opensuse.org/request/show/1057176
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=106
2023-01-10 03:10:49 +00:00

34 lines
1.1 KiB
Diff
Raw Blame History

From a0b5de1d09ed149cbbee8697f001adbbe9476a06 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Wed, 7 Dec 2022 09:16:44 +0000
Subject: [PATCH 1/9] CVE-2022-23468
Login window - replace g_sprintf() withl g_snprintf() calls
---
xrdp/xrdp_login_wnd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
index 7a3134fd..28748676 100644
--- a/xrdp/xrdp_login_wnd.c
+++ b/xrdp/xrdp_login_wnd.c
@@ -722,13 +722,13 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
if (globals->ls_title[0] == 0)
{
g_gethostname(buf1, 256);
- g_sprintf(buf, "Login to %s", buf1);
+ g_snprintf(buf, sizeof(buf), "Login to %s", buf1);
set_string(&self->login_window->caption1, buf);
}
else
{
/*self->login_window->caption1 = globals->ls_title[0];*/
- g_sprintf(buf, "%s", globals->ls_title);
+ g_snprintf(buf, sizeof(buf), "%s", globals->ls_title);
set_string(&self->login_window->caption1, buf);
}
--
2.39.0
Reference in New Issue View Git Blame Copy Permalink