summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2026-01-24 07:29:57 +0100
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-02-02 08:12:56 +0530
commit72c3d49f78b9e1e32af3ceeb8a4507503c2fab02 (patch)
tree363b345b7b70e5ac1f7ca7563b3bfc407b8c8364
parentc7570405e8d2fd77a94473d533d91a8dce2ab984 (diff)
downloadmeta-openembedded-72c3d49f78b9e1e32af3ceeb8a4507503c2fab02.tar.gz
xrdp: patch CVE-2022-23477
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477 Pick the patch that mentions this vulnerability explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit a6efc5b2850036cadb044eb8de8bde2e54c97c28) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat
-rw-r--r--meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch38
-rw-r--r--meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb1
2 files changed, 39 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch
new file mode 100644
index 0000000000..5c2b48a507
--- /dev/null
+++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23477.patch
@@ -0,0 +1,38 @@
1From d49f269af82be5f14b193d4edfcb63b547a16ff4 Mon Sep 17 00:00:00 2001
2From: matt335672 <30179339+matt335672@users.noreply.github.com>
3Date: Tue, 6 Dec 2022 11:31:31 +0000
4Subject: [PATCH] CVE-2022-23477
5
6Prevent buffer overflow for oversized audio format from client
7
8CVE: CVE-2022-23477
9Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/d49f269af82be5f14b193d4edfcb63b547a16ff4]
10Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
11---
12 sesman/chansrv/audin.c | 7 ++++---
13 1 file changed, 4 insertions(+), 3 deletions(-)
14
15diff --git a/sesman/chansrv/audin.c b/sesman/chansrv/audin.c
16index cd802fa519..36a8027a57 100644
17--- a/sesman/chansrv/audin.c
18+++ b/sesman/chansrv/audin.c
19@@ -181,15 +181,16 @@ audin_send_open(int chan_id)
20 int error;
21 int bytes;
22 struct stream *s;
23- struct xr_wave_format_ex *wf;
24+ struct xr_wave_format_ex *wf = g_client_formats[g_current_format];
25
26 LOG_DEVEL(LOG_LEVEL_INFO, "audin_send_open:");
27 make_stream(s);
28- init_stream(s, 8192);
29+ /* wf->cbSize was checked when the format was received */
30+ init_stream(s, wf->cbSize + 64);
31+
32 out_uint8(s, MSG_SNDIN_OPEN);
33 out_uint32_le(s, 2048); /* FramesPerPacket */
34 out_uint32_le(s, g_current_format); /* initialFormat */
35- wf = g_client_formats[g_current_format];
36 out_uint16_le(s, wf->wFormatTag);
37 out_uint16_le(s, wf->nChannels);
38 out_uint32_le(s, wf->nSamplesPerSec);
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
index d2527950d5..a953342910 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
17 file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \ 17 file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
18 file://0001-mark-count-with-unused-attribute.patch \ 18 file://0001-mark-count-with-unused-attribute.patch \
19 file://CVE-2022-23468.patch \ 19 file://CVE-2022-23468.patch \
20 file://CVE-2022-23477.patch \
20 " 21 "
21 22
22SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb" 23SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-03-26 17:32:29 +0000