Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
xrdp.27351
xrdp-CVE-2022-23493.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xrdp-CVE-2022-23493.patch of Package xrdp.27351
From 88ff9886a8843f6b4631d3edcf6c9652bd76674e Mon Sep 17 00:00:00 2001 From: matt335672 <30179339+matt335672@users.noreply.github.com> Date: Wed, 7 Dec 2022 10:49:06 +0000 Subject: [PATCH 10/10] CVE-2022-23493 Check chansrv channel ID on a channel close Prevent OOB read if an invalid channel ID is sent. --- xrdp/xrdp_mm.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c index 7c8fca62..6c373da8 100644 --- a/xrdp/xrdp_mm.c +++ b/xrdp/xrdp_mm.c @@ -1237,6 +1237,10 @@ xrdp_mm_trans_process_drdynvc_channel_close(struct xrdp_mm* self, return 1; } in_uint32_le(s, chansrv_chan_id); + if (chansrv_chan_id < 0 || chansrv_chan_id > 255) + { + return 1; + } chan_id = self->cs2xr_cid_map[chansrv_chan_id]; /* close dynamic channel */ error = libxrdp_drdynvc_close(self->wm->session, chan_id); -- 2.39.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor