CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

xrdp: patch CVE-2022-23468

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari 2025-12-04 08:56:24 +01:00 committed by Anuj Mittal
parent 5a52615450
commit 1cb08277fe
No known key found for this signature in database
GPG Key ID: 4340AEFE69F5085C
2 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
meta-oe/recipes-support/xrdp/xrdp/CVE-2022-23468.patch Normal file
View File

@ -0,0 +1,34 @@
From 43cf272b1138462c1bdfc48ef7e9142208194382 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Wed, 7 Dec 2022 09:16:44 +0000
Subject: [PATCH] CVE-2022-23468
Login window - replace g_sprintf() withl g_snprintf() calls
CVE: CVE-2022-23468
Upstream-Status: Backport [https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
xrdp/xrdp_login_wnd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
index 7a3134fd3e..28748676a1 100644
--- a/xrdp/xrdp_login_wnd.c
+++ b/xrdp/xrdp_login_wnd.c
@@ -722,13 +722,13 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
if (globals->ls_title[0] == 0)
{
g_gethostname(buf1, 256);
- g_sprintf(buf, "Login to %s", buf1);
+ g_snprintf(buf, sizeof(buf), "Login to %s", buf1);
set_string(&self->login_window->caption1, buf);
}
else
{
/*self->login_window->caption1 = globals->ls_title[0];*/
- g_sprintf(buf, "%s", globals->ls_title);
+ g_snprintf(buf, sizeof(buf), "%s", globals->ls_title);
set_string(&self->login_window->caption1, buf);
}

1
meta-oe/recipes-support/xrdp/xrdp_0.9.20.bb
View File

@ -16,6 +16,7 @@ SRC_URI = "https://github.com/neutrinolabs/${BPN}/releases/download/v${PV}/${BPN
file://0001-Fix-the-compile-error.patch \
file://0001-arch-Define-NO_NEED_ALIGN-on-ppc64.patch \
file://0001-mark-count-with-unused-attribute.patch \
file://CVE-2022-23468.patch \
"
SRC_URI[sha256sum] = "db693401da95b71b4d4e4c99aeb569a546dbdbde343f6d3302b0c47653277abb"