Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
xrdp.27260
xrdp-CVE-2022-23484.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xrdp-CVE-2022-23484.patch of Package xrdp.27260
From 5663cdb4ba02e4af323d837922d3920688adebe1 Mon Sep 17 00:00:00 2001 From: matt335672 <30179339+matt335672@users.noreply.github.com> Date: Wed, 7 Dec 2022 10:03:24 +0000 Subject: [PATCH] CVE-2022-23484 Add check for RAIL window text size --- xrdp/xrdp_mm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c index 27f138d8..fc481367 100644 --- a/xrdp/xrdp_mm.c +++ b/xrdp/xrdp_mm.c @@ -981,6 +981,12 @@ xrdp_mm_process_rail_update_window_text(struct xrdp_mm* self, struct stream* s) g_memset(&rwso, 0, sizeof(rwso)); in_uint32_le(s, size); /* title size */ + if (size < 0 || !s_check_rem(s, size)) + { + log_message(LOG_LEVEL_ERROR, "%s : invalid window text size %d", + __func__, size); + return 1; + } rwso.title_info = g_malloc(size + 1, 0); in_uint8a(s, rwso.title_info, size); rwso.title_info[size] = 0; -- 2.39.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor