Overview

File xrdp-CVE-2022-23481.patch of Package xrdp.27351

From 356fb45702890acc91bde9c19eb5fe07ca0316c4 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Wed, 7 Dec 2022 10:40:25 +0000
Subject: [PATCH 06/10] CVE-2022-23481

Add length checks to client confirm active PDU parsing
---
 libxrdp/xrdp_caps.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/libxrdp/xrdp_caps.c b/libxrdp/xrdp_caps.c
index ead495ca..ba24eb31 100644
--- a/libxrdp/xrdp_caps.c
+++ b/libxrdp/xrdp_caps.c
@@ -606,11 +606,23 @@ xrdp_caps_process_confirm_active(struct xrdp_rdp *self, struct stream *s)
     int len;
     char *p;
 
-    DEBUG(("in xrdp_caps_process_confirm_active"));
+    if (!s_check_rem_and_log(s, 10,
+                             "Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU"
+                             " - header"))
+    {
+        return 1;
+    }
     in_uint8s(s, 4); /* rdp_shareid */
     in_uint8s(s, 2); /* userid */
     in_uint16_le(s, source_len); /* sizeof RDP_SOURCE */
     in_uint16_le(s, cap_len);
+
+    if (!s_check_rem_and_log(s, source_len + 2 + 2,
+                             "Parsing [MS-RDPBCGR] TS_CONFIRM_ACTIVE_PDU"
+                             " - header2"))
+    {
+        return 1;
+    }
     in_uint8s(s, source_len);
     in_uint16_le(s, num_caps);
     in_uint8s(s, 2); /* pad */
-- 
2.39.0
openSUSE Build Service is sponsored by
Places