CVE-2022-39282: Fix length checks in parallel driver
Resolves: #2136152
parent
6e02d7e8a6
commit
96676737fa
37
Fix-length-checks-in-parallel-driver.patch
Normal file
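--- a/Fix-length-checks-in-parallel-driver.patch
+++ b/Fix-length-checks-in-parallel-driver.patch
@@ -0,0 +1,37 @@
+From 64544c7f4ed72b3023955ebe6ad3b118ebb8d6c7 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Thu, 6 Oct 2022 09:12:40 +0200
+Subject: [PATCH] Fix length checks in parallel driver
+
+The length requested was not checked against the length read from
+the port.
+
+(cherry picked from commit 094cc5a4596c299595b732effd59ee149181fd61)
+---
+channels/parallel/client/parallel_main.c | 3 ++-
+1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/channels/parallel/client/parallel_main.c b/channels/parallel/client/parallel_main.c
+index af3e82703..993605a65 100644
+--- a/channels/parallel/client/parallel_main.c
++++ b/channels/parallel/client/parallel_main.c
+@@ -159,7 +159,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp)
+return ERROR_INVALID_DATA;
+Stream_Read_UINT32(irp->input, Length);
+Stream_Read_UINT64(irp->input, Offset);
+- buffer = (BYTE*)malloc(Length);
++ buffer = (BYTE*)calloc(Length, sizeof(BYTE));
+
+if (!buffer)
+{
+@@ -178,6 +178,7 @@ static UINT parallel_process_irp_read(PARALLEL_DEVICE* parallel, IRP* irp)
+}
+else
+{
++ Length = status;
+}
+
+Stream_Write_UINT32(irp->output, Length);
+--
+2.37.1
+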
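Review bot: `Length = status;` in the else branch of the second hunk assigns the result of the port read to the Length parsed from `irp->input` with no cast or comment, so the line does not show that the value is non-negative and no larger than the request. The declaration of `status` is outside the hunk; if it is a signed type, write `Length = (UINT32)status; /* bytes actually read, never more than requested */`. Separately, `Length` still reaches `calloc(Length, sizeof(BYTE))` in the first hunk with no upper bound visible, so the peer chooses the allocation size; a cap checked before the allocation would be worth adding if the channel has a sensible maximum. parallel_process_irp_read starts before and ends after both hunks.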
@ -22,7 +22,7 @@
|
||||
|
||||
Name: freerdp
|
||||
Version: 2.4.1
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Epoch: 2
|
||||
Summary: Free implementation of the Remote Desktop Protocol (RDP)
|
||||
License: ASL 2.0
|
||||
@ -40,6 +40,9 @@ Patch2: winpr-ssl-Load-legacy-provider-when-initializing-Ope.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2023262
|
||||
Patch3: Implement-BIO_CTRL_GET_KTLS_SEND-and-BIO_CTRL_GET_KT.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2136152
|
||||
Patch4: Fix-length-checks-in-parallel-driver.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: alsa-lib-devel
|
||||
@ -305,6 +308,9 @@ find %{buildroot} -name "*.a" -delete
|
||||
%{_libdir}/pkgconfig/winpr-tools2.pc
|
||||
|
||||
%changelog
|
||||
* Thu Dec 08 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-4
|
||||
- CVE-2022-39282: Fix length checks in parallel driver (#2136152)
|
||||
|
||||
* Wed Jun 22 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-3
|
||||
- Fix gateway functionality with OpenSSL 3.0 (#2023262)
|
||||
|
||||
|