From e14b8e093f9a1b2d74a06d484776c70d30a1b2b360912ece40afc13b5f85efdb Mon Sep 17 00:00:00 2001
From: Bruno Friedmann <bruno@ioda-net.ch>
Date: Tue, 24 Jun 2014 06:55:47 +0000
Subject: [PATCH] Accepting request 238357 from
 home:zhangxiaofei:branches:X11:RemoteDesktop

CVE-2014-0791, bnc#863929

OBS-URL: https://build.opensuse.org/request/show/238357
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/freerdp?expand=0&rev=45
---
 freerdp-CVE-2014-0791.patch | 25 +++++++++++++++++++++++++
 freerdp.changes             |  7 +++++++
 freerdp.spec                |  2 ++
 3 files changed, 34 insertions(+)
 create mode 100644 freerdp-CVE-2014-0791.patch

diff --git a/freerdp-CVE-2014-0791.patch b/freerdp-CVE-2014-0791.patch
new file mode 100644
index 0000000..fbdf0f8
--- /dev/null
+++ b/freerdp-CVE-2014-0791.patch
@@ -0,0 +1,25 @@
+From 5253b9e27a2de48564f9b41eb3643a8edf11afe9 Mon Sep 17 00:00:00 2001
+From: Felix Zhang <fezhang@suse.com>
+Date: Mon, 23 Jun 2014 12:57:55 +0800
+Subject: [PATCH] CVE-2014-0791
+
+---
+ libfreerdp-core/license.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libfreerdp-core/license.c b/libfreerdp-core/license.c
+index 60b9f93..2425ddc 100644
+--- a/libfreerdp-core/license.c
++++ b/libfreerdp-core/license.c
+@@ -539,6 +539,8 @@ void license_read_scope_list(STREAM* s, SCOPE_LIST* scopeList)
+ 	uint32 scopeCount;
+ 
+ 	stream_read_uint32(s, scopeCount); /* ScopeCount (4 bytes) */
++	if (scopeCount > stream_get_left(s) / 4)  /* every blob is at least 4 bytes */
++		return;
+ 
+ 	scopeList->count = scopeCount;
+ 	scopeList->array = (LICENSE_BLOB*) xmalloc(sizeof(LICENSE_BLOB) * scopeCount);
+-- 
+1.7.12.4
+
diff --git a/freerdp.changes b/freerdp.changes
index 1b5ac47..501714d 100644
--- a/freerdp.changes
+++ b/freerdp.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jun 23 03:05:37 UTC 2014 - fezhang@suse.com
+
+- Add freerdp-CVE-2014-0791.patch to fix bnc#857491
+  backported from upstream commit:
+  https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
+
 -------------------------------------------------------------------
 Thu Jun 12 20:50:36 UTC 2014 - dliang@suse.com
 
diff --git a/freerdp.spec b/freerdp.spec
index c3d29f0..bf461f1 100644
--- a/freerdp.spec
+++ b/freerdp.spec
@@ -35,6 +35,7 @@ Patch4:         freerdp-handle-null-device-name.patch
 Patch5:         freerdp_branch-1.0.x_fix-kpdivide-issue831.patch
 # PATCH-FIX-UPSTREAM freerdp-CVE-2014-0250.patch bnc#880317 dliang@suse.com - backport from upstream 
 Patch6:         freerdp-CVE-2014-0250.patch
+Patch7:         freerdp-CVE-2014-0791.patch
 BuildRequires:  alsa-devel
 BuildRequires:  cmake
 BuildRequires:  cups-devel
@@ -86,6 +87,7 @@ based on libfreerdp.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 # use a versioned subdirectory for plugins in order to comply with the shared
 # library policy
 ed -s CMakeLists.txt 2>/dev/null <<'EOF'