Cherry-pick upstream patch for CVE-2023-39351.

2023-10-07 10:58:09 +02:00 · 2023-10-07 10:58:09 +02:00 · a4c483bc30
commit a4c483bc30
parent 43cbb16760
3 changed files with 20 additions and 1 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -14,7 +14,7 @@ freerdp2 (2.3.0+dfsg1-2~deb10u3) UNRELEASED; urgency=medium
     CVE-2020-13397 CVE-2020-13398 and
     CVE-2020-15103 (Closes: #965979)
  * Backporting remaining issues: (Closes: #1051638)
-    CVE-2023-39350 CVE-2023-39354 CVE-2023-39355 CVE-2023-40589
+    CVE-2023-39350 CVE-2023-39351

 -- Tobias Frost <tobi@debian.org>  Mon, 02 Oct 2023 17:10:48 +0200

--- a/debian/patches/0037-CVE-2023-39351.patch
+++ b/debian/patches/0037-CVE-2023-39351.patch
@ -0,0 +1,18 @@
+Description: Upstream fix for CVE-2023-39351 - Null Pointer Dereference leading DOS in RemoteFX
+Origin: https://github.com/FreeRDP/FreeRDP/commit/99e243cdbc31f66b5c917452c8fed3276e8bdcd5
+Bug: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051638
+--- a/libfreerdp/codec/rfx.c
+++ b/libfreerdp/codec/rfx.c
+@@ -1235,6 +1235,11 @@
+ 		region16_uninit(&clippingRects);
+ 		return TRUE;
+ 	}
+	else
+	{
+		rfx_message_free(context, message);
+		context->currentMessage.freeArray = TRUE;
+	}
+ 
+ 	return FALSE;
+ }
--- a/debian/patches/series
+++ b/debian/patches/series
@ -24,3 +24,4 @@
 0035-Fixed-6989-Use-X509_STORE_set_default_paths.patch
 1001_keep-symbol-DumpThreadHandles-if-debugging-is-disabled.patch
 0036-CVE-2023-39350.patch
+0037-CVE-2023-39351.patch