Overview

File xrdp-CVE-2022-23481.patch of Package xrdp.27289

From e7c3308c23e85f932242f52b150e5804163847a2 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Wed, 7 Dec 2022 10:40:25 +0000
Subject: [PATCH 5/8] CVE-2022-23481

Add length checks to client confirm active PDU parsing
---
 libxrdp/xrdp_caps.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/libxrdp/xrdp_caps.c b/libxrdp/xrdp_caps.c
index dddf6d23..0f46b740 100644
--- a/libxrdp/xrdp_caps.c
+++ b/libxrdp/xrdp_caps.c
@@ -577,11 +577,23 @@ xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
     int len;
     char *p;
 
-    DEBUG(("in xrdp_caps_process_confirm_active"));
+    if (!s_check_rem_and_log(s, 10,
+                             "Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU"
+                             " - header"))
+    {
+        return 1;
+    }
     in_uint8s(s, 4); /* rdp_shareid */
     in_uint8s(s, 2); /* userid */
     in_uint16_le(s, source_len); /* sizeof RDP_SOURCE */
     in_uint16_le(s, cap_len);
+
+    if (!s_check_rem_and_log(s, source_len + 2 + 2,
+                             "Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU"
+                             " - header2"))
+    {
+        return 1;
+    }
     in_uint8s(s, source_len);
     in_uint16_le(s, num_caps);
     in_uint8s(s, 2); /* pad */
-- 
2.39.0
openSUSE Build Service is sponsored by
Places