Overview

File xrdp-CVE-2022-23484.patch of Package xrdp.29105

From 5663cdb4ba02e4af323d837922d3920688adebe1 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Wed, 7 Dec 2022 10:03:24 +0000
Subject: [PATCH] CVE-2022-23484

Add check for RAIL window text size
---
 xrdp/xrdp_mm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c
index 27f138d8..fc481367 100644
--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@@ -981,6 +981,12 @@ xrdp_mm_process_rail_update_window_text(struct xrdp_mm* self, struct stream* s)
 
     g_memset(&rwso, 0, sizeof(rwso));
     in_uint32_le(s, size); /* title size */
+    if (size < 0 || !s_check_rem(s, size))
+    {
+        log_message(LOG_LEVEL_ERROR, "%s : invalid window text size %d",
+            __func__, size);
+        return 1;
+    }
     rwso.title_info = g_malloc(size + 1, 0);
     in_uint8a(s, rwso.title_info, size);
     rwso.title_info[size] = 0;
-- 
2.39.0
openSUSE Build Service is sponsored by
Places