freerdp3: patch CVE-2025-68118

Details https://nvd.nist.gov/vuln/detail/CVE-2025-68118 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-01 13:58:06 +00:00 · 2025-12-24 11:31:50 +05:30 · 2025-12-24 11:31:50 +05:30 · 19d7eedf67
commit 19d7eedf67
parent c8f7748616
2 changed files with 58 additions and 0 deletions
--- a/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
+++ b/meta-oe/recipes-support/freerdp/freerdp3/CVE-2025-68118.patch
@ -0,0 +1,57 @@
+From 054ff633bb1eac3d165a501d5eb691af1faf0538 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Sat, 13 Dec 2025 17:28:43 +0100
+Subject: [PATCH] [crypto,certificate_data] add some hostname sanitation
+
+CVE: CVE-2025-68118
+Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/83d96a81f320cb8a047fd4ef059a6fe4016dbeec]
+(cherry picked from commit 83d96a81f320cb8a047fd4ef059a6fe4016dbeec)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ libfreerdp/crypto/certificate_data.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/libfreerdp/crypto/certificate_data.c b/libfreerdp/crypto/certificate_data.c
+index a48beb448..6408d5d3c 100644
+--- a/libfreerdp/crypto/certificate_data.c
+++ b/libfreerdp/crypto/certificate_data.c
+@@ -33,6 +33,8 @@
+ #include <freerdp/crypto/certificate_data.h>
+ 
+ #include "certificate.h"
+#include <freerdp/log.h>
+#define TAG FREERDP_TAG("crypto.certificate_data")
+ 
+ #include <freerdp/log.h>
+ #define TAG FREERDP_TAG("crypto")
+@@ -64,8 +66,9 @@ static BOOL freerdp_certificate_data_load_cache(rdpCertificateData* data)
+ 	WINPR_ASSERT(data);
+ 
+ 	freerdp_certificate_data_hash_(data->hostname, data->port, data->cached_hash,
+-	                               sizeof(data->cached_hash));
+-	if (strnlen(data->cached_hash, sizeof(data->cached_hash)) == 0)
+	                               sizeof(data->cached_hash) - 1);
+	const size_t len = strnlen(data->cached_hash, sizeof(data->cached_hash));
+	if ((len == 0) || (len >= sizeof(data->cached_hash)))
+ 		goto fail;
+ 
+ 	data->cached_subject = freerdp_certificate_get_subject(data->cert);
+@@ -97,6 +100,11 @@ static rdpCertificateData* freerdp_certificate_data_new_nocopy(const char* hostn
+ 
+ 	if (!hostname || !xcert)
+ 		goto fail;
+	if (strnlen(hostname, MAX_PATH) >= MAX_PATH)
+	{
+		WLog_ERR(TAG, "hostname exceeds length limits");
+		goto fail;
+	}
+ 
+ 	certdata = (rdpCertificateData*)calloc(1, sizeof(rdpCertificateData));
+ 
+@@ -251,5 +259,5 @@ char* freerdp_certificate_data_hash(const char* hostname, UINT16 port)
+ {
+ 	char name[MAX_PATH + 10] = { 0 };
+ 	freerdp_certificate_data_hash_(hostname, port, name, sizeof(name));
+-	return _strdup(name);
+	return strndup(name, sizeof(name));
+ }
--- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
@ -20,6 +20,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=master;protocol=https \
           file://CVE-2024-32661.patch \
           file://CVE-2024-32662.patch \
           file://CVE-2025-4478.patch \
+           file://CVE-2025-68118.patch \
           "

 S = "${WORKDIR}/git"