CVE-2022-39283: Add missing length check in video channel
Resolves: #2136154
This commit is contained in:
parent
96676737fa
commit
0657b181a4
29
Fixed-missing-length-check-in-video-channel.patch
Normal file
29
Fixed-missing-length-check-in-video-channel.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From bf28ea249de57acc6dfadbd778afef2093c1c283 Mon Sep 17 00:00:00 2001
|
||||||
|
From: akallabeth <akallabeth@posteo.net>
|
||||||
|
Date: Thu, 6 Oct 2022 09:15:40 +0200
|
||||||
|
Subject: [PATCH] Fixed missing length check in video channel
|
||||||
|
|
||||||
|
Data received in video redirection channel was not checked for
|
||||||
|
proper length.
|
||||||
|
|
||||||
|
(cherry picked from commit eeffd1050e9284d1464b58e049b2b4d88726632b)
|
||||||
|
---
|
||||||
|
channels/video/client/video_main.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/channels/video/client/video_main.c b/channels/video/client/video_main.c
|
||||||
|
index a21e7cdf2..a8031fc86 100644
|
||||||
|
--- a/channels/video/client/video_main.c
|
||||||
|
+++ b/channels/video/client/video_main.c
|
||||||
|
@@ -930,6 +930,8 @@ static UINT video_data_on_data_received(IWTSVirtualChannelCallback* pChannelCall
|
||||||
|
Stream_Read_UINT16(s, data.PacketsInSample);
|
||||||
|
Stream_Read_UINT32(s, data.SampleNumber);
|
||||||
|
Stream_Read_UINT32(s, data.cbSample);
|
||||||
|
+ if (!Stream_CheckAndLogRequiredLength(TAG, s, data.cbSample))
|
||||||
|
+ return ERROR_INVALID_DATA;
|
||||||
|
data.pSample = Stream_Pointer(s);
|
||||||
|
|
||||||
|
/*
|
||||||
|
--
|
||||||
|
2.37.1
|
||||||
|
|
@ -43,6 +43,9 @@ Patch3: Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2136152
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2136152
|
||||||
Patch4: Fix-length-checks-in-parallel-driver.patch
|
Patch4: Fix-length-checks-in-parallel-driver.patch
|
||||||
|
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2136154
|
||||||
|
Patch5: Fixed-missing-length-check-in-video-channel.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: alsa-lib-devel
|
BuildRequires: alsa-lib-devel
|
||||||
@ -310,6 +313,7 @@ find %{buildroot} -name "*.a" -delete
|
|||||||
%changelog
|
%changelog
|
||||||
* Thu Dec 08 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-4
|
* Thu Dec 08 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-4
|
||||||
- CVE-2022-39282: Fix length checks in parallel driver (#2136152)
|
- CVE-2022-39282: Fix length checks in parallel driver (#2136152)
|
||||||
|
- CVE-2022-39283: Add missing length check in video channel (#2136154)
|
||||||
|
|
||||||
* Wed Jun 22 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-3
|
* Wed Jun 22 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-3
|
||||||
- Fix gateway functionality with OpenSSL 3.0 (#2023262)
|
- Fix gateway functionality with OpenSSL 3.0 (#2023262)
|
||||||
|
Loading…
Reference in New Issue
Block a user