Add patch for CVE-2022-23613.

2022-02-08 11:48:01 +11:00 · 2022-02-08 11:48:01 +11:00 · a61009746f
parent 0bf288818c
commit a61009746f
2 changed files with 52 additions and 1 deletions
--- a/xrdp-0.9.18-cve-2022-23613.patch
+++ b/xrdp-0.9.18-cve-2022-23613.patch
@ -0,0 +1,47 @@
+From eb4a8e342dcf848ca716792763ca1904e913ca9d Mon Sep 17 00:00:00 2001
+From: matt335672 <30179339+matt335672@users.noreply.github.com>
+Date: Wed, 2 Feb 2022 10:39:50 +0000
+Subject: [PATCH] Add lower bound to sesman data input size check
+
+---
+ sesman/sesman.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/sesman/sesman.c b/sesman/sesman.c
+index a85769053..e2b057e6a 100644
+--- a/sesman/sesman.c
+++ b/sesman/sesman.c
+@@ -276,6 +276,7 @@ sesman_close_all(void)
+ static int
+ sesman_data_in(struct trans *self)
+ {
+#define HEADER_SIZE 8
+     int version;
+     int size;
+ 
+@@ -283,9 +284,9 @@ sesman_data_in(struct trans *self)
+     {
+         in_uint32_be(self->in_s, version);
+         in_uint32_be(self->in_s, size);
+-        if (size > self->in_s->size)
+        if (size < HEADER_SIZE || size > self->in_s->size)
+         {
+-            LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size");
+            LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size %d", size);
+             return 1;
+         }
+         self->header_size = size;
+@@ -302,11 +303,12 @@ sesman_data_in(struct trans *self)
+             return 1;
+         }
+         /* reset for next message */
+-        self->header_size = 8;
+        self->header_size = HEADER_SIZE;
+         self->extra_flags = 0;
+         init_stream(self->in_s, 0); /* Reset input stream pointers */
+     }
+     return 0;
+#undef HEADER_SIZE
+ }
+ 
+ /******************************************************************************/
--- a/xrdp.spec
+++ b/xrdp.spec
@ -17,7 +17,7 @@ Summary:   Open source remote desktop protocol (RDP) server
 Name:      xrdp
 Epoch:     1
 Version:   0.9.18
-Release:   4%{?dist}
+Release:   5%{?dist}
 License:   ASL 2.0 and GPLv2+ and MIT
 URL:       http://www.xrdp.org/
 Source0:   https://github.com/neutrinolabs/xrdp/releases/download/v%{version}/xrdp-%{version}.tar.gz
@ -39,6 +39,7 @@ Patch6:    xrdp-0.9.18-vnc-uninit.patch
 Patch7:    xrdp-0.9.15-sesman-ini.patch
 %endif
 Patch8:    xrdp-0.9.18-imlib2.patch
+Patch9:    xrdp-0.9.18-cve-2022-23613.patch

 BuildRequires: make
 BuildRequires: gcc
@ -289,6 +290,9 @@ fi
 %{_datadir}/selinux/*/%{name}.pp

 %changelog
+* Tue Feb  8 2022 Bojan Smojver <bojan@rexurive.com> - 1:0.9.18-5
+- Add patch for CVE-2022-23613
+
 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:0.9.18-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild