Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.3:Update
freerdp.26972
freerdp-CVE-2022-39283.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File freerdp-CVE-2022-39283.patch of Package freerdp.26972
From acb15782355338846cf6902426c9a57f5bc432cd Mon Sep 17 00:00:00 2001 From: akallabeth <akallabeth@posteo.net> Date: Thu, 6 Oct 2022 09:15:40 +0200 Subject: [PATCH] Fixed missing length check in video channel Data received in video redirection channel was not checked for proper length. --- channels/video/client/video_main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/channels/video/client/video_main.c b/channels/video/client/video_main.c index 9a68d92d3..d9dd5ab17 100644 --- a/channels/video/client/video_main.c +++ b/channels/video/client/video_main.c @@ -929,6 +929,8 @@ static UINT video_data_on_data_received(IWTSVirtualChannelCallback* pChannelCall Stream_Read_UINT16(s, data.PacketsInSample); Stream_Read_UINT32(s, data.SampleNumber); Stream_Read_UINT32(s, data.cbSample); + if (!Stream_GetRemainingLength(s) < data.cbSample) + return ERROR_INVALID_DATA; data.pSample = Stream_Pointer(s); /* -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
