diff --git a/Fixed-format-string-for-Stream_CheckAndLogRequiredLe.patch b/Fixed-format-string-for-Stream_CheckAndLogRequiredLe.patch new file mode 100644 index 0000000..3cda0db --- /dev/null +++ b/Fixed-format-string-for-Stream_CheckAndLogRequiredLe.patch @@ -0,0 +1,122 @@ +From 6ed2f7d1a379f69cca102e8166d20eb5ed38652b Mon Sep 17 00:00:00 2001 +From: akallabeth +Date: Fri, 22 Apr 2022 16:27:21 +0200 +Subject: [PATCH] Fixed format string for Stream_CheckAndLogRequiredLength + +__LINE__ requires %d and not %PRIuz + +(cherry picked from commit 74c1a006e940308b0653427d25a87ea5a24cb573) +--- + winpr/include/winpr/stream.h | 14 ++++++++ + winpr/libwinpr/utils/stream.c | 65 +++++++++++++++++++++++++++++++++++ + 2 files changed, 79 insertions(+) + +diff --git a/winpr/include/winpr/stream.h b/winpr/include/winpr/stream.h +index f351eaa15..ed637f034 100644 +--- a/winpr/include/winpr/stream.h ++++ b/winpr/include/winpr/stream.h +@@ -27,6 +27,8 @@ + #include + #include + #include ++#include ++#include + + #ifdef __cplusplus + extern "C" +@@ -56,6 +57,19 @@ extern "C" + WINPR_API void Stream_StaticInit(wStream* s, BYTE* buffer, size_t size); + WINPR_API void Stream_Free(wStream* s, BOOL bFreeBuffer); + ++#define Stream_CheckAndLogRequiredLength(tag, s, len) \ ++ Stream_CheckAndLogRequiredLengthEx(tag, WLOG_WARN, s, len, "%s(%s:%d)", __FUNCTION__, \ ++ __FILE__, __LINE__) ++ WINPR_API BOOL Stream_CheckAndLogRequiredLengthEx(const char* tag, DWORD level, wStream* s, ++ UINT64 len, const char* fmt, ...); ++ WINPR_API BOOL Stream_CheckAndLogRequiredLengthExVa(const char* tag, DWORD level, wStream* s, ++ UINT64 len, const char* fmt, va_list args); ++ WINPR_API BOOL Stream_CheckAndLogRequiredLengthWLogEx(wLog* log, DWORD level, wStream* s, ++ UINT64 len, const char* fmt, ...); ++ WINPR_API BOOL Stream_CheckAndLogRequiredLengthWLogExVa(wLog* log, DWORD level, wStream* s, ++ UINT64 len, const char* fmt, ++ va_list args); ++ + static INLINE void Stream_Seek(wStream* s, size_t _offset) + { + s->pointer += (_offset); +diff --git a/winpr/libwinpr/utils/stream.c b/winpr/libwinpr/utils/stream.c +index 1271981b7..cc119c771 100644 +--- a/winpr/libwinpr/utils/stream.c ++++ b/winpr/libwinpr/utils/stream.c +@@ -132,3 +132,68 @@ void Stream_Free(wStream* s, BOOL bFreeBuffer) + free(s); + } + } ++ ++BOOL Stream_CheckAndLogRequiredLengthEx(const char* tag, DWORD level, wStream* s, UINT64 len, ++ const char* fmt, ...) ++{ ++ const size_t actual = Stream_GetRemainingLength(s); ++ ++ if (actual < len) ++ { ++ va_list args; ++ ++ va_start(args, fmt); ++ Stream_CheckAndLogRequiredLengthExVa(tag, level, s, len, fmt, args); ++ va_end(args); ++ ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++BOOL Stream_CheckAndLogRequiredLengthExVa(const char* tag, DWORD level, wStream* s, UINT64 len, ++ const char* fmt, va_list args) ++{ ++ const size_t actual = Stream_GetRemainingLength(s); ++ ++ if (actual < len) ++ return Stream_CheckAndLogRequiredLengthWLogExVa(WLog_Get(tag), level, s, len, fmt, args); ++ return TRUE; ++} ++ ++BOOL Stream_CheckAndLogRequiredLengthWLogEx(wLog* log, DWORD level, wStream* s, UINT64 len, ++ const char* fmt, ...) ++{ ++ const size_t actual = Stream_GetRemainingLength(s); ++ ++ if (actual < len) ++ { ++ va_list args; ++ ++ va_start(args, fmt); ++ Stream_CheckAndLogRequiredLengthWLogExVa(log, level, s, len, fmt, args); ++ va_end(args); ++ ++ return FALSE; ++ } ++ return TRUE; ++} ++ ++BOOL Stream_CheckAndLogRequiredLengthWLogExVa(wLog* log, DWORD level, wStream* s, UINT64 len, ++ const char* fmt, va_list args) ++{ ++ const size_t actual = Stream_GetRemainingLength(s); ++ ++ if (actual < len) ++ { ++ char prefix[1024] = { 0 }; ++ ++ vsnprintf(prefix, sizeof(prefix), fmt, args); ++ ++ WLog_Print(log, level, "[%s] invalid length, got %" PRIuz ", require at least %" PRIu64, ++ prefix, actual, len); ++ winpr_log_backtrace_ex(log, level, 20); ++ return FALSE; ++ } ++ return TRUE; ++} +-- +2.38.1 + diff --git a/Fixed-path-validation-in-drive-channel.patch b/Fixed-path-validation-in-drive-channel.patch index 935a047..e4567f2 100644 --- a/Fixed-path-validation-in-drive-channel.patch +++ b/Fixed-path-validation-in-drive-channel.patch @@ -16,7 +16,15 @@ diff --git a/channels/drive/client/drive_file.c b/channels/drive/client/drive_fi index 305438593..1ea4ab9da 100644 --- a/channels/drive/client/drive_file.c +++ b/channels/drive/client/drive_file.c -@@ -61,10 +61,14 @@ +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -61,10 +62,14 @@ } while (0) #endif diff --git a/freerdp.spec b/freerdp.spec index befa695..feadb04 100644 --- a/freerdp.spec +++ b/freerdp.spec @@ -22,7 +22,7 @@ Name: freerdp Version: 2.4.1 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 2 Summary: Free implementation of the Remote Desktop Protocol (RDP) License: ASL 2.0 @@ -57,6 +57,7 @@ Patch12: winpr-crt-Fix-wcs-cmp-and-wcs-len-checks.patch Patch13: winpr-crt-Added-wcsstr-implementation.patch Patch14: Fixed-path-validation-in-drive-channel.patch Patch15: Fixed-missing-stream-length-check-in-drive_file_quer.patch +Patch16: Fixed-format-string-for-Stream_CheckAndLogRequiredLe.patch BuildRequires: gcc BuildRequires: gcc-c++ @@ -323,6 +324,9 @@ find %{buildroot} -name "*.a" -delete %{_libdir}/pkgconfig/winpr-tools2.pc %changelog +* Tue Dec 13 2022 Ondrej Holy - 2:2.4.1-5 +- Fix "implicit declaration of function" errors (#2136155, #2145140) + * Thu Dec 08 2022 Ondrej Holy - - 2:2.4.1-4 - CVE-2022-39282: Fix length checks in parallel driver (#2136152) - CVE-2022-39283: Add missing length check in video channel (#2136154)