Fix "implicit declaration of function" errors

2023-05-18 11:17:37 +00:00
4 changed files with 137 additions and 2 deletions
--- a/.freerdp.metadata
+++ b/.freerdp.metadata
@ -0,0 +1 @@
 03ba0409951eaf50023cd4aac9bd49e443225a2f FreeRDP-2.4.1.tar.gz
--- a/Fixed-format-string-for-Stream_CheckAndLogRequiredLe.patch
+++ b/Fixed-format-string-for-Stream_CheckAndLogRequiredLe.patch
@ -0,0 +1,122 @@
 From 6ed2f7d1a379f69cca102e8166d20eb5ed38652b Mon Sep 17 00:00:00 2001
 From: akallabeth <akallabeth@posteo.net>
 Date: Fri, 22 Apr 2022 16:27:21 +0200
 Subject: [PATCH] Fixed format string for Stream_CheckAndLogRequiredLength
 __LINE__ requires %d and not %PRIuz
 (cherry picked from commit 74c1a006e940308b0653427d25a87ea5a24cb573)
 ---
 winpr/include/winpr/stream.h  | 14 ++++++++
 winpr/libwinpr/utils/stream.c | 65 +++++++++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
 diff --git a/winpr/include/winpr/stream.h b/winpr/include/winpr/stream.h
 index f351eaa15..ed637f034 100644
 --- a/winpr/include/winpr/stream.h
 +++ b/winpr/include/winpr/stream.h
@@ -27,6 +27,8 @@
 #include <winpr/wtypes.h>
 #include <winpr/endian.h>
 #include <winpr/synch.h>
 +#include <winpr/wlog.h>
 +#include <winpr/debug.h>
 #ifdef __cplusplus
 extern "C"
@@ -56,6 +57,19 @@ extern "C"
 	WINPR_API void Stream_StaticInit(wStream* s, BYTE* buffer, size_t size);
 	WINPR_API void Stream_Free(wStream* s, BOOL bFreeBuffer);
 +#define Stream_CheckAndLogRequiredLength(tag, s, len)                                     \
 +	Stream_CheckAndLogRequiredLengthEx(tag, WLOG_WARN, s, len, "%s(%s:%d)", __FUNCTION__, \
 +	                                   __FILE__, __LINE__)
 +	WINPR_API BOOL Stream_CheckAndLogRequiredLengthEx(const char* tag, DWORD level, wStream* s,
 +	                                                  UINT64 len, const char* fmt, ...);
 +	WINPR_API BOOL Stream_CheckAndLogRequiredLengthExVa(const char* tag, DWORD level, wStream* s,
 +	                                                    UINT64 len, const char* fmt, va_list args);
 +	WINPR_API BOOL Stream_CheckAndLogRequiredLengthWLogEx(wLog* log, DWORD level, wStream* s,
 +	                                                      UINT64 len, const char* fmt, ...);
 +	WINPR_API BOOL Stream_CheckAndLogRequiredLengthWLogExVa(wLog* log, DWORD level, wStream* s,
 +	                                                        UINT64 len, const char* fmt,
 +	                                                        va_list args);
 +
 	static INLINE void Stream_Seek(wStream* s, size_t _offset)
 	{
 		s->pointer += (_offset);
 diff --git a/winpr/libwinpr/utils/stream.c b/winpr/libwinpr/utils/stream.c
 index 1271981b7..cc119c771 100644
 --- a/winpr/libwinpr/utils/stream.c
 +++ b/winpr/libwinpr/utils/stream.c
@@ -132,3 +132,68 @@ void Stream_Free(wStream* s, BOOL bFreeBuffer)
 			free(s);
 	}
 }
 +
 +BOOL Stream_CheckAndLogRequiredLengthEx(const char* tag, DWORD level, wStream* s, UINT64 len,
 +                                        const char* fmt, ...)
 +{
 +	const size_t actual = Stream_GetRemainingLength(s);
 +
 +	if (actual < len)
 +	{
 +		va_list args;
 +
 +		va_start(args, fmt);
 +		Stream_CheckAndLogRequiredLengthExVa(tag, level, s, len, fmt, args);
 +		va_end(args);
 +
 +		return FALSE;
 +	}
 +	return TRUE;
 +}
 +
 +BOOL Stream_CheckAndLogRequiredLengthExVa(const char* tag, DWORD level, wStream* s, UINT64 len,
 +                                          const char* fmt, va_list args)
 +{
 +	const size_t actual = Stream_GetRemainingLength(s);
 +
 +	if (actual < len)
 +		return Stream_CheckAndLogRequiredLengthWLogExVa(WLog_Get(tag), level, s, len, fmt, args);
 +	return TRUE;
 +}
 +
 +BOOL Stream_CheckAndLogRequiredLengthWLogEx(wLog* log, DWORD level, wStream* s, UINT64 len,
 +                                            const char* fmt, ...)
 +{
 +	const size_t actual = Stream_GetRemainingLength(s);
 +
 +	if (actual < len)
 +	{
 +		va_list args;
 +
 +		va_start(args, fmt);
 +		Stream_CheckAndLogRequiredLengthWLogExVa(log, level, s, len, fmt, args);
 +		va_end(args);
 +
 +		return FALSE;
 +	}
 +	return TRUE;
 +}
 +
 +BOOL Stream_CheckAndLogRequiredLengthWLogExVa(wLog* log, DWORD level, wStream* s, UINT64 len,
 +                                              const char* fmt, va_list args)
 +{
 +	const size_t actual = Stream_GetRemainingLength(s);
 +
 +	if (actual < len)
 +	{
 +		char prefix[1024] = { 0 };
 +
 +		vsnprintf(prefix, sizeof(prefix), fmt, args);
 +
 +		WLog_Print(log, level, "[%s] invalid length, got %" PRIuz ", require at least %" PRIu64,
 +		           prefix, actual, len);
 +		winpr_log_backtrace_ex(log, level, 20);
 +		return FALSE;
 +	}
 +	return TRUE;
 +}
 -- 
 2.38.1
--- a/Fixed-path-validation-in-drive-channel.patch
+++ b/Fixed-path-validation-in-drive-channel.patch
@ -16,7 +16,15 @@ diff --git a/channels/drive/client/drive_file.c b/channels/drive/client/drive_fi
 index 305438593..1ea4ab9da 100644
 --- a/channels/drive/client/drive_file.c
 +++ b/channels/drive/client/drive_file.c
-@@ -61,10 +61,14 @@
+@@ -34,6 +34,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 +#include <assert.h>
 #include <winpr/wtypes.h>
 #include <winpr/crt.h>
@@ -61,10 +62,14 @@
 	} while (0)
 #endif
--- a/freerdp.spec
+++ b/freerdp.spec
@ -22,7 +22,7 @@
 Name:           freerdp
 Version:        2.4.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Epoch:          2
 Summary:        Free implementation of the Remote Desktop Protocol (RDP)
 License:        ASL 2.0
@ -57,6 +57,7 @@ Patch12:        winpr-crt-Fix-wcs-cmp-and-wcs-len-checks.patch
 Patch13:        winpr-crt-Added-wcsstr-implementation.patch
 Patch14:        Fixed-path-validation-in-drive-channel.patch
 Patch15:        Fixed-missing-stream-length-check-in-drive_file_quer.patch
 Patch16:        Fixed-format-string-for-Stream_CheckAndLogRequiredLe.patch
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
@ -323,6 +324,9 @@ find %{buildroot} -name "*.a" -delete
 %{_libdir}/pkgconfig/winpr-tools2.pc
 %changelog
 * Tue Dec 13 2022 Ondrej Holy <oholy@redhat.com> - 2:2.4.1-5
 - Fix "implicit declaration of function" errors (#2136155, #2145140)
 * Thu Dec 08 2022 Ondrej Holy <oholy@redhat.com> - - 2:2.4.1-4
 - CVE-2022-39282: Fix length checks in parallel driver (#2136152)
 - CVE-2022-39283: Add missing length check in video channel (#2136154)
		`@ -0,0 +1 @@`
							`03ba0409951eaf50023cd4aac9bd49e443225a2f FreeRDP-2.4.1.tar.gz`