helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

freerdp: patch CVE-2026-23532

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-23532

The related Github advisory[1] contains a detailed analysis about
the vulnerability. Pick the patch that describes the same
issue in its description.

[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2026-02-24 18:04:47 +01:00 committed by Khem Raj
parent df8905be0f
commit d79130035f
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
meta-oe/recipes-support/freerdp/freerdp/CVE-2026-23532.patch Normal file
View File

@ -0,0 +1,49 @@
From 51929613e6897489736a35eaaf14a3accf143963 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Thu, 15 Jan 2026 12:04:36 +0100
Subject: [PATCH] properly clamp SurfaceToSurface
From: akallabeth <akallabeth@posteo.net>
CVE: CVE-2026-23532
Upstream-Status: Backport [https://github.com/FreeRDP/FreeRDP/commit/c4a7c371342edf0d307cea728f56d3302f0ab38c]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
libfreerdp/gdi/gfx.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/libfreerdp/gdi/gfx.c b/libfreerdp/gdi/gfx.c
index 3970715e0..812568bbb 100644
--- a/libfreerdp/gdi/gfx.c
+++ b/libfreerdp/gdi/gfx.c
@@ -1175,7 +1175,6 @@ static UINT gdi_SurfaceToSurface(RdpgfxClientContext* context,
UINT status = ERROR_INTERNAL_ERROR;
UINT16 index;
BOOL sameSurface;
- UINT32 nWidth, nHeight;
const RECTANGLE_16* rectSrc;
RECTANGLE_16 invalidRect;
gdiGfxSurface* surfaceSrc;
@@ -1199,8 +1198,8 @@ static UINT gdi_SurfaceToSurface(RdpgfxClientContext* context,
if (!is_rect_valid(rectSrc, surfaceSrc->width, surfaceSrc->height))
goto fail;
- nWidth = rectSrc->right - rectSrc->left;
- nHeight = rectSrc->bottom - rectSrc->top;
+ const UINT32 nWidth = rectSrc->right - rectSrc->left;
+ const UINT32 nHeight = rectSrc->bottom - rectSrc->top;
for (index = 0; index < surfaceToSurface->destPtsCount; index++)
{
@@ -1209,8 +1208,10 @@ static UINT gdi_SurfaceToSurface(RdpgfxClientContext* context,
if (!is_rect_valid(&rect, surfaceDst->width, surfaceDst->height))
goto fail;
+ const UINT32 rwidth = rect.right - rect.left;
+ const UINT32 rheight = rect.bottom - rect.top;
if (!freerdp_image_copy(surfaceDst->data, surfaceDst->format, surfaceDst->scanline,
- destPt->x, destPt->y, nWidth, nHeight, surfaceSrc->data,
+ destPt->x, destPt->y, rwidth, rheight, surfaceSrc->data,
surfaceSrc->format, surfaceSrc->scanline, rectSrc->left,
rectSrc->top, NULL, FREERDP_FLIP_NONE))
goto fail;

1
meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
View File

@ -28,6 +28,7 @@ SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https
file://CVE-2026-22855.patch \
file://CVE-2026-22852.patch \
file://CVE-2026-23530.patch \
file://CVE-2026-23532.patch \
"