CVE-2022-39282: Fix length checks in parallel driver
Resolves: #2136152
parent
6e02d7e8a6
commit
96676737fa
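--- a/Fix-length-checks-in-parallel-driver.patch
+++ b/Fix-length-checks-in-parallel-driver.patch
@@ -0,0 +1,37 @@
+From 64544c7f4ed72b3023955ebe6ad3b118ebb8d6c7 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 6 Oct 2022 09:12:40 +0200
+Subject: [PATCH] Fix length checks in parallel driver
+
+The length requested was not checked against the length read from
+the port.
+
+(cherry picked from commit 094cc5a4596c299595b732effd59ee149181fd61)
+---
+channels/parallel/client/parallel_main.c | 3 ++-
+1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/channels/parallel/client/parallel_main.c b/channels/parallel/client/parallel_main.c
+index af3e82703..993605a65 100644
+--- a/channels/parallel/client/parallel_main.c
++++ b/channels/parallel/client/parallel_main.c
+@@ -159,7 +159,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp)
+return ERROR_INVALID_DATA;
+Stream_Read_UINT32(irp->input, Length);
+Stream_Read_UINT64(irp->input, Offset);
+- buffer = (BYTE*)malloc(Length);
++ buffer = (BYTE*)calloc(Length, sizeof(BYTE));
+
+if (!buffer)
+{
+@@ -178,6 +178,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp)
+}
+else
+{
++ Length = status;
+}
+
+Stream_Write_UINT32(irp->output, Length);
+--
+2.37.1
+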
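Review bot: `Length` goes from `Stream_Read_UINT32(irp->input, Length)` straight into `calloc(Length, sizeof(BYTE))` with no upper bound visible in the first inner hunk, so the peer appears to pick the allocation size, and `calloc` now also zero-fills all of it. If `parallel_process_irp_read` has no cap elsewhere (its body starts and ends outside these hunks), a limit checked before the allocation would close that. In the second inner hunk, `Length = status;` is the actual fix and deserves a comment such as `/* reply with the byte count actually read, never the requested Length */`, so a later refactor does not go back to sending buffer bytes the read never filled. The declaration of `status` is not shown; if it is a signed type, writing `Length = (UINT32)status;` makes the narrowing explicit on a branch where the value is presumably non-negative.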
@ -22,7 +22,7 @@
|
|||||||
|
|
||||||
Name: freerdp
|
Name: freerdp
|
||||||
Version: 2.4.1
|
Version: 2.4.1
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
Summary: Free implementation of the Remote Desktop Protocol (RDP)
|
Summary: Free implementation of the Remote Desktop Protocol (RDP)
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
@ -40,6 +40,9 @@ Patch2: winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
|
|||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2023262
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2023262
|
||||||
Patch3: Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch
|
Patch3: Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch
|
||||||
|
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2136152
|
||||||
|
Patch4: Fix-length-checks-in-parallel-driver.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: alsa-lib-devel
|
BuildRequires: alsa-lib-devel
|
||||||
@ -305,6 +308,9 @@ find %{buildroot} -name "*.a" -delete
|
|||||||
%{_libdir}/pkgconfig/winpr-tools2.pc
|
%{_libdir}/pkgconfig/winpr-tools2.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 08 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-4
|
||||||
|
- CVE-2022-39282: Fix length checks in parallel driver (#2136152)
|
||||||
|
|
||||||
* Wed Jun 22 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-3
|
* Wed Jun 22 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-3
|
||||||
- Fix gateway functionality with OpenSSL 3.0 (#2023262)
|
- Fix gateway functionality with OpenSSL 3.0 (#2023262)
|
||||||
|
|
||||||
|