diff options
| author | Ankur Tyagi <ankur.tyagi85@gmail.com> | 2026-04-09 19:09:13 +1200 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-04-13 12:40:21 +0530 |
| commit | 7025c461c757336a039408c4635577cc4d724cd5 (patch) | |
| tree | a6e5221c188841b819cc873bcddd95f28f85ccf8 /meta-oe | |
| parent | 1bc75cd389ec9af2634738fde315a8a888fa2750 (diff) | |
| download | meta-openembedded-7025c461c757336a039408c4635577cc4d724cd5.tar.gz | |
freerdp3: fix CVE-2026-29776
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29776
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-oe')
| -rw-r--r-- | meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch | 30 | ||||
| -rw-r--r-- | meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb | 1 |
2 files changed, 31 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch new file mode 100644 index 0000000000..0ab2114670 --- /dev/null +++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2026-29776.patch | |||
| @@ -0,0 +1,30 @@ | |||
| 1 | From 145c0c5f048894e4a7d09a4465eab7551f035bb0 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Armin Novak <armin.novak@thincast.com> | ||
| 3 | Date: Tue, 3 Mar 2026 13:58:09 +0100 | ||
| 4 | Subject: [PATCH] [core,orders] improve input validation | ||
| 5 | |||
| 6 | check length before subtracting. Might underflow and be cought by the | ||
| 7 | next check, but lets be strict. | ||
| 8 | |||
| 9 | (cherry picked from commit a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a) | ||
| 10 | |||
| 11 | CVE: CVE-2026-29776 | ||
| 12 | Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/a9e0abf2eac8c2e370fa155bf1abb9d044c0ca8a] | ||
| 13 | Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> | ||
| 14 | --- | ||
| 15 | libfreerdp/core/orders.c | 2 ++ | ||
| 16 | 1 file changed, 2 insertions(+) | ||
| 17 | |||
| 18 | diff --git a/libfreerdp/core/orders.c b/libfreerdp/core/orders.c | ||
| 19 | index 855b700ac..a9d779418 100644 | ||
| 20 | --- a/libfreerdp/core/orders.c | ||
| 21 | +++ b/libfreerdp/core/orders.c | ||
| 22 | @@ -2214,6 +2214,8 @@ static CACHE_BITMAP_ORDER* update_read_cache_bitmap_order(rdpUpdate* update, wSt | ||
| 23 | goto fail; | ||
| 24 | |||
| 25 | Stream_Read(s, bitmapComprHdr, 8); /* bitmapComprHdr (8 bytes) */ | ||
| 26 | + if (cache_bitmap->bitmapLength < 8) | ||
| 27 | + goto fail; | ||
| 28 | cache_bitmap->bitmapLength -= 8; | ||
| 29 | } | ||
| 30 | } | ||
diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index e3d71ee854..74f80ee948 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb | |||
| @@ -33,6 +33,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \ | |||
| 33 | file://CVE-2026-24683.patch \ | 33 | file://CVE-2026-24683.patch \ |
| 34 | file://CVE-2026-29774.patch \ | 34 | file://CVE-2026-29774.patch \ |
| 35 | file://CVE-2026-29775.patch \ | 35 | file://CVE-2026-29775.patch \ |
| 36 | file://CVE-2026-29776.patch \ | ||
| 36 | " | 37 | " |
| 37 | 38 | ||
| 38 | S = "${WORKDIR}/git" | 39 | S = "${WORKDIR}/git" |
