File xrdp-CVE-2017-6967.patch of Package xrdp.29105
Index: b/sesman/scp_v0.c
===================================================================
--- a/sesman/scp_v0.c 2016-08-01 15:28:23.000000000 +0800
+++ b/sesman/scp_v0.c 2019-10-11 16:29:06.031920393 +0800
@@ -36,6 +36,7 @@ scp_v0_process(struct SCP_CONNECTION *c,
tbus data;
struct session_item *s_item;
int errorcode = 0 ;
+ int do_auth_end = 1;
data = auth_userpass(s->username, s->password,&errorcode);
@@ -94,8 +95,6 @@ scp_v0_process(struct SCP_CONNECTION *c,
}
session_reconnect(display, s->username);
- auth_end(data);
- /* don't set data to null here */
}
else
{
@@ -139,6 +138,9 @@ scp_v0_process(struct SCP_CONNECTION *c,
s->domain, s->program, s->directory,
s->client_ip);
}
+ /* if the session started up ok, auth_end will be called on
+ sig child */
+ do_auth_end = display == 0;
}
else
{
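Review bot: The assignment `do_auth_end = display == 0;` hands responsibility for `auth_end(data)` to the child-exit path, but the comment above it does not say which code now owns `data` or what closes the handle if that handler never runs for this session. I would expand the comment to something like `/* session started: the auth handle now belongs to the session and is closed from the child-exit handler; close it here only when no session was created */` and parenthesise the comparison as `do_auth_end = (display == 0);`. The same statement and comment are added in scp_v1.c and deserve the same wording. The enclosing branch of scp_v0_process starts outside this hunk.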
@@ -148,7 +150,6 @@ scp_v0_process(struct SCP_CONNECTION *c,
if (display == 0)
{
- auth_end(data);
scp_v0s_deny_connection(c);
}
else
@@ -160,4 +161,8 @@ scp_v0_process(struct SCP_CONNECTION *c,
{
scp_v0s_deny_connection(c);
}
+ if (do_auth_end)
+ {
+ auth_end(data);
+ }
}
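Review bot: The new `if (do_auth_end)` block at the end of scp_v0_process runs on every path where the flag is still 1, which appears to include the branch that denies the connection after `auth_userpass` failed, so `auth_end` may now receive a zero handle where the old code did not call it. Either confirm that every authentication backend's `auth_end` accepts 0, or guard the call as `if (do_auth_end && data != 0)`. The cleanup hunk in scp_v1.c keeps a similarly unguarded call. The start of the function is outside this hunk, so the failed-login path is inferred from the visible `scp_v0s_deny_connection(c)` branch.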
Index: b/sesman/scp_v1.c
===================================================================
--- a/sesman/scp_v1.c 2016-08-01 15:28:23.000000000 +0800
+++ b/sesman/scp_v1.c 2019-10-11 16:28:37.499687809 +0800
@@ -38,7 +38,7 @@ void DEFAULT_CC
scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
{
long data;
- int display;
+ int display = 0;
int retries;
int current_try;
enum SCP_SERVER_STATES_E e;
@@ -46,6 +46,7 @@ scp_v1_process(struct SCP_CONNECTION *c,
struct session_item *sitem;
int scount;
SCP_SID sid;
+ int do_auth_end = 1;
retries = g_cfg->sec.login_retry;
current_try = retries;
@@ -129,13 +130,23 @@ scp_v1_process(struct SCP_CONNECTION *c,
s->password, data, SESMAN_SESSION_TYPE_XVNC,
s->domain, s->program, s->directory, s->client_ip);
}
- else
+ else if (SCP_SESSION_TYPE_XRDP == s->type)
{
log_message(LOG_LEVEL_INFO, "starting X11rdp session...");
display = session_start(s->width, s->height, s->bpp, s->username,
s->password, data, SESMAN_SESSION_TYPE_XRDP,
s->domain, s->program, s->directory, s->client_ip);
}
+ else if (SCP_SESSION_TYPE_XORG == s->type)
+ {
+ log_message(LOG_LEVEL_INFO, "starting Xorg session...");
+ display = session_start(s->width, s->height, s->bpp, s->username,
+ s->password, data, SESMAN_SESSION_TYPE_XORG,
+ s->domain, s->program, s->directory, s->client_ip);
+ }
+ /* if the session started up ok, auth_end will be called on
+ sig child */
+ do_auth_end = display == 0;
e = scp_v1s_connect_new_session(c, display);
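Review bot: With the trailing `else` turned into `else if (SCP_SESSION_TYPE_XRDP == s->type)` and a further `else if` added for Xorg, an `s->type` that matches none of the branches now falls through silently: `display` stays 0 from its new initialiser and `scp_v1s_connect_new_session(c, display)` is still called. Since `s->type` presumably originates from the client's request, I would add a final `else { log_message(LOG_LEVEL_ERROR, "unsupported session type"); }` and check that a display of 0 is reported to the client as a failure rather than as a new session. The first branch of the chain is outside this hunk.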
@@ -205,7 +216,10 @@ scp_v1_process(struct SCP_CONNECTION *c,
/* cleanup */
scp_session_destroy(s);
- auth_end(data);
+ if (do_auth_end)
+ {
+ auth_end(data);
+ }
g_free(slist);
}