xrdp: patch CVE-2022-23468

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468 Pick the patch that mentions this vulnerability explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit 1cb08277fe367850eb130c0995d85dca8e609787) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-01-24 07:29:56 +0100
committer: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-02-02 08:12:55 +0530
commit: c7570405e8d2fd77a94473d533d91a8dce2ab984 (patch)
tree: 089c718e236c28d557b89bb1838e2f5d704ffa0f
parent: 508aa14cd85ae58c31d2c5264f50c01d910d6836 (diff)
download: meta-openembedded-c7570405e8d2fd77a94473d533d91a8dce2ab984.tar.gz
2 files changed, 35 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23468.patch b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23468.patch
new file mode 100644
index 0000000000..6f8b3a0fb1
--- /dev/null
+++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23468.patch
@@ -0,0 +1,34 @@
+From 43cf272b1138462c1bdfc48ef7e9142208194382 Mon Sep 17 00:00:00 2001
+From: matt335672 <30179339+matt335672@users.noreply.github.com>
+Date: Wed, 7 Dec 2022 09:16:44 +0000
+Subject: [PATCH] CVE-2022-23468
+Login window - replace g_sprintf() withl g_snprintf() calls
+CVE: CVE-2022-23468
+Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ xrdp/xrdp_login_wnd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
+index 7a3134fd3e..28748676a1 100644
+--- a/xrdp/xrdp_login_wnd.c
+++ b/xrdp/xrdp_login_wnd.c
+@@ -722,13 +722,13 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
+     if (globals->ls_title[0] == 0)
+     {
+         g_gethostname(buf1, 256);
+-        g_sprintf(buf, "Login to %s", buf1);
+        g_snprintf(buf, sizeof(buf), "Login to %s", buf1);
+         set_string(&self->login_window->caption1, buf);
+     }
+     else
+     {
+         /*self->login_window->caption1 = globals->ls_title[0];*/
+-        g_sprintf(buf, "%s", globals->ls_title);
+        g_snprintf(buf, sizeof(buf), "%s", globals->ls_title);
+         set_string(&self->login_window->caption1, buf);
+     }
+ 
diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
index a60c125d06..d2527950d5 100644
--- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
+++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
@@ -16,6 +16,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
           file://0001-Fix-the-compile-error.patch \
           file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
           file://0001-mark-count-with-unused-attribute.patch \
+           file://CVE-2022-23468.patch \
           "
 SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-01-24 07:29:56 +0100
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-02-02 08:12:55 +0530
commit	c7570405e8d2fd77a94473d533d91a8dce2ab984 (patch)
tree	089c718e236c28d557b89bb1838e2f5d704ffa0f
parent	508aa14cd85ae58c31d2c5264f50c01d910d6836 (diff)
download	meta-openembedded-c7570405e8d2fd77a94473d533d91a8dce2ab984.tar.gz

diff --git a/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23468.patch b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23468.patch new file mode 100644 index 0000000000..6f8b3a0fb1 --- /dev/null +++ b/meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23468.patch
@@ -0,0 +1,34 @@
		1	From 43cf272b1138462c1bdfc48ef7e9142208194382 Mon Sep 17 00:00:00 2001
		2	From: matt335672 <30179339+matt335672@users.noreply.github.com>
		3	Date: Wed, 7 Dec 2022 09:16:44 +0000
		4	Subject: [PATCH] CVE-2022-23468
		5
		6	Login window - replace g_sprintf() withl g_snprintf() calls
		7
		8	CVE: CVE-2022-23468
		9	Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382]
		10	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		11	---
		12	xrdp/xrdp_login_wnd.c \| 4 ++--
		13	1 file changed, 2 insertions(+), 2 deletions(-)
		14
		15	diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
		16	index 7a3134fd3e..28748676a1 100644
		17	--- a/xrdp/xrdp_login_wnd.c
		18	+++ b/xrdp/xrdp_login_wnd.c
		19	@@ -722,13 +722,13 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
		20	if (globals->ls_title[0] == 0)
		21	{
		22	g_gethostname(buf1, 256);
		23	- g_sprintf(buf, "Login to %s", buf1);
		24	+ g_snprintf(buf, sizeof(buf), "Login to %s", buf1);
		25	set_string(&self->login_window->caption1, buf);
		26	}
		27	else
		28	{
		29	/self->login_window->caption1 = globals->ls_title[0];/
		30	- g_sprintf(buf, "%s", globals->ls_title);
		31	+ g_snprintf(buf, sizeof(buf), "%s", globals->ls_title);
		32	set_string(&self->login_window->caption1, buf);
		33	}
		34


diff --git a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb index a60c125d06..d2527950d5 100644 --- a/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb +++ b/meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
@@ -16,6 +16,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
16	file://0001-Fix-the-compile-error.patch \	16	file://0001-Fix-the-compile-error.patch \
17	file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \	17	file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
18	file://0001-mark-count-with-unused-attribute.patch \	18	file://0001-mark-count-with-unused-attribute.patch \
		19	file://CVE-2022-23468.patch \
19	"	20	"
20		21
21	SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"	22	SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"