Overview

File xrdp-CVE-2022-23481.patch of Package xrdp.27260

From 8122e36ec71ca88504495160ad30f4f1adac00c4 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Wed, 7 Dec 2022 10:40:25 +0000
Subject: [PATCH] CVE-2022-23481

Add length checks to client confirm active PDU parsing
---
 libxrdp/xrdp_caps.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/libxrdp/xrdp_caps.c b/libxrdp/xrdp_caps.c
index a5883a01..b0206b61 100644
--- a/libxrdp/xrdp_caps.c
+++ b/libxrdp/xrdp_caps.c
@@ -522,10 +522,23 @@ xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
     char *p;
 
     DEBUG(("in xrdp_caps_process_confirm_active"));
+    if (!s_check_rem_and_log(s, 10,
+                             "Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU"
+                             " - header"))
+    {
+        return 1;
+    }
     in_uint8s(s, 4); /* rdp_shareid */
     in_uint8s(s, 2); /* userid */
     in_uint16_le(s, source_len); /* sizeof RDP_SOURCE */
     in_uint16_le(s, cap_len);
+
+    if (!s_check_rem_and_log(s, source_len + 2 + 2,
+                             "Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU"
+                             " - header2"))
+    {
+        return 1;
+    }
     in_uint8s(s, source_len);
     in_uint16_le(s, num_caps);
     in_uint8s(s, 2); /* pad */
-- 
2.39.0
openSUSE Build Service is sponsored by
Places