Diffstat (limited to 'meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch')
-rw-r--r-- | meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch | 148 |
1 files changed, 0 insertions, 148 deletions
diff --git a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch b/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch
deleted file mode 100644
index 4c93647f67..0000000000
--- a/meta-oe/recipes-support/xrdp/xrdp/0001-Fix-of-CVE-2017-16927.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-Subject: [PATCH] Fix CVE-2017-16927
-
-sesman: scpv0, accept variable length data fields
-
-Upstream-Status: Backport
-
----
- sesman/libscp/libscp_v0.c | 32 +++++++++++++++++++++++++-------
- 1 file changed, 25 insertions(+), 7 deletions(-)
-
-diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c
-index 5a0c8bf..5693407 100644
---- a/sesman/libscp/libscp_v0.c
-+++ b/sesman/libscp/libscp_v0.c
-@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
- struct SCP_SESSION *session = 0;
- tui16 sz;
- tui32 code = 0;
-- char buf[257];
-+ char *buf = 0;
-
- if (!skipVchk)
- {
-@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
-
- /* reading username */
- in_uint16_be(c->in_s, sz);
-- buf[sz] = '\0';
-+ buf = g_new0(char, sz);
- in_uint8a(c->in_s, buf, sz);
--
-+ buf[sz] = '\0';
- if (0 != scp_session_set_username(session, buf))
- {
- scp_session_destroy(session);
- log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);
-+ g_free(buf);
- return SCP_SERVER_STATE_INTERNAL_ERR;
- }
-+ g_free(buf);
-
- /* reading password */
- in_uint16_be(c->in_s, sz);
-- buf[sz] = '\0';
-+ buf = g_new0(char, sz);
- in_uint8a(c->in_s, buf, sz);
--
-+ buf[sz] = '\0';
- if (0 != scp_session_set_password(session, buf))
- {
- scp_session_destroy(session);
- log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__);
-+ g_free(buf);
- return SCP_SERVER_STATE_INTERNAL_ERR;
- }
-+ g_free(buf);
-
- /* width */
- in_uint16_be(c->in_s, sz);
-@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
-
- if (sz > 0)
- {
-+ buf = g_new0(char, sz);
- in_uint8a(c->in_s, buf, sz);
- buf[sz] = '\0';
- scp_session_set_domain(session, buf);
-+ g_free(buf);
- }
- }
-
-@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
-
- if (sz > 0)
- {
-+ buf = g_new0(char, sz);
- in_uint8a(c->in_s, buf, sz);
- buf[sz] = '\0';
- scp_session_set_program(session, buf);
-+ g_free(buf);
- }
- }
-
-@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
-
- if (sz > 0)
- {
-+ buf = g_new0(char, sz);
- in_uint8a(c->in_s, buf, sz);
- buf[sz] = '\0';
- scp_session_set_directory(session, buf);
-+ g_free(buf);
- }
- }
-
-@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
-
- if (sz > 0)
- {
-+ buf = g_new0(char, sz);
- in_uint8a(c->in_s, buf, sz);
- buf[sz] = '\0';
- scp_session_set_client_ip(session, buf);
-+ g_free(buf);
- }
- }
- }
-@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
- scp_session_set_type(session, SCP_GW_AUTHENTICATION);
- /* reading username */
- in_uint16_be(c->in_s, sz);
-- buf[sz] = '\0';
-+ buf = g_new0(char, sz);
- in_uint8a(c->in_s, buf, sz);
-+ buf[sz] = '\0';
-
- /* g_writeln("Received user name: %s",buf); */
- if (0 != scp_session_set_username(session, buf))
- {
- scp_session_destroy(session);
- /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/
-+ g_free(buf);
- return SCP_SERVER_STATE_INTERNAL_ERR;
- }
-+ g_free(buf);
-
- /* reading password */
- in_uint16_be(c->in_s, sz);
-- buf[sz] = '\0';
-+ buf = g_new0(char, sz);
- in_uint8a(c->in_s, buf, sz);
-+ buf[sz] = '\0';
-
- /* g_writeln("Received password: %s",buf); */
- if (0 != scp_session_set_password(session, buf))
- {
- scp_session_destroy(session);
- /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
-+ g_free(buf);
- return SCP_SERVER_STATE_INTERNAL_ERR;
- }
-+ g_free(buf);
- }
- else
- {
---
-2.7.4
-
|