Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
xrdp.29800
xrdp-CVE-2022-23477.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xrdp-CVE-2022-23477.patch of Package xrdp.29800
From 1ba314c80ebd18ee4c4d8459b79d6ee8badf1ad0 Mon Sep 17 00:00:00 2001 From: matt335672 <30179339+matt335672@users.noreply.github.com> Date: Tue, 6 Dec 2022 11:31:31 +0000 Subject: [PATCH] CVE-2022-23477 Prevent buffer overflow for oversized audio format from client --- sesman/chansrv/audin.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/sesman/chansrv/audin.c b/sesman/chansrv/audin.c index 1ca2de30..9d25749b 100644 --- a/sesman/chansrv/audin.c +++ b/sesman/chansrv/audin.c @@ -181,15 +181,16 @@ audin_send_open(int chan_id) int error; int bytes; struct stream *s; - struct xr_wave_format_ex *wf; + struct xr_wave_format_ex *wf = g_client_formats[g_current_format]; LOG(0, ("audin_send_open:")); make_stream(s); - init_stream(s, 8192); + /* wf->cbSize was checked when the format was received */ + init_stream(s, wf->cbSize + 64); + out_uint8(s, MSG_SNDIN_OPEN); out_uint32_le(s, 2048); /* FramesPerPacket */ out_uint32_le(s, g_current_format); /* initialFormat */ - wf = g_client_formats[g_current_format]; out_uint16_le(s, wf->wFormatTag); out_uint16_le(s, wf->nChannels); out_uint32_le(s, wf->nSamplesPerSec); -- 2.39.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor