Overview

File xrdp-CVE-2022-23468.patch of Package xrdp

From a0b5de1d09ed149cbbee8697f001adbbe9476a06 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Wed, 7 Dec 2022 09:16:44 +0000
Subject: [PATCH 1/9] CVE-2022-23468

Login window - replace g_sprintf() withl g_snprintf() calls
---
 xrdp/xrdp_login_wnd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
index 7a3134fd..28748676 100644
--- a/xrdp/xrdp_login_wnd.c
+++ b/xrdp/xrdp_login_wnd.c
@@ -722,13 +722,13 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
     if (globals->ls_title[0] == 0)
     {
         g_gethostname(buf1, 256);
-        g_sprintf(buf, "Login to %s", buf1);
+        g_snprintf(buf, sizeof(buf), "Login to %s", buf1);
         set_string(&self->login_window->caption1, buf);
     }
     else
     {
         /*self->login_window->caption1 = globals->ls_title[0];*/
-        g_sprintf(buf, "%s", globals->ls_title);
+        g_snprintf(buf, sizeof(buf), "%s", globals->ls_title);
         set_string(&self->login_window->caption1, buf);
     }
 
-- 
2.39.0
openSUSE Build Service is sponsored by
Places