FreeBSD Bugzilla – Attachment 188345 Details for
Bug 223931
net/xrdp-devel: patch for CVE-2017-16927
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
CVE-2017-16927
patch-xrdp-devel-0.9.4_1,1.txt (text/plain), 4.73 KB, created by
Koichiro Iwao
on 2017-11-28 01:55:19 UTC
(
hide
)
Description:
CVE-2017-16927
Filename:
MIME Type:
Creator:
Koichiro Iwao
Created:
2017-11-28 01:55:19 UTC
Size:
4.73 KB
patch
obsolete
>diff --git net/xrdp-devel/Makefile net/xrdp-devel/Makefile >index 1058906..294d58d 100644 >--- net/xrdp-devel/Makefile >+++ net/xrdp-devel/Makefile >@@ -4,6 +4,7 @@ > PORTNAME= xrdp > PORTVERSION= 0.9.4 > DISTVERSIONPREFIX= v >+PORTREVISION= 1 > PORTEPOCH= 1 > CATEGORIES= net > PKGNAMESUFFIX= -devel >diff --git net/xrdp-devel/files/patch-CVE-2017-16927 net/xrdp-devel/files/patch-CVE-2017-16927 >new file mode 100644 >index 0000000..c1e7e3f >--- /dev/null >+++ net/xrdp-devel/files/patch-CVE-2017-16927 >@@ -0,0 +1,133 @@ >+--- sesman/libscp/libscp_v0.c.orig 2017-09-28 02:25:19 UTC >++++ sesman/libscp/libscp_v0.c >+@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, >+ struct SCP_SESSION *session = 0; >+ tui16 sz; >+ tui32 code = 0; >+- char buf[257]; >++ char *buf = 0; >+ >+ if (!skipVchk) >+ { >+@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c, >+ >+ /* reading username */ >+ in_uint16_be(c->in_s, sz); >+- buf[sz] = '\0'; >++ buf = g_new0(char, sz); >+ in_uint8a(c->in_s, buf, sz); >+- >++ buf[sz] = '\0'; >+ if (0 != scp_session_set_username(session, buf)) >+ { >+ scp_session_destroy(session); >+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__); >++ g_free(buf); >+ return SCP_SERVER_STATE_INTERNAL_ERR; >+ } >++ g_free(buf); >+ >+ /* reading password */ >+ in_uint16_be(c->in_s, sz); >+- buf[sz] = '\0'; >++ buf = g_new0(char, sz); >+ in_uint8a(c->in_s, buf, sz); >+- >++ buf[sz] = '\0'; >+ if (0 != scp_session_set_password(session, buf)) >+ { >+ scp_session_destroy(session); >+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); >++ g_free(buf); >+ return SCP_SERVER_STATE_INTERNAL_ERR; >+ } >++ g_free(buf); >+ >+ /* width */ >+ in_uint16_be(c->in_s, sz); >+@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, >+ >+ if (sz > 0) >+ { >++ buf = g_new0(char, sz); >+ in_uint8a(c->in_s, buf, sz); >+ buf[sz] = '\0'; >+ scp_session_set_domain(session, buf); >++ g_free(buf); >+ } >+ } >+ >+@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, >+ >+ if (sz > 0) >+ { >++ buf = g_new0(char, sz); >+ in_uint8a(c->in_s, buf, sz); >+ buf[sz] = '\0'; >+ scp_session_set_program(session, buf); >++ g_free(buf); >+ } >+ } >+ >+@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, >+ >+ if (sz > 0) >+ { >++ buf = g_new0(char, sz); >+ in_uint8a(c->in_s, buf, sz); >+ buf[sz] = '\0'; >+ scp_session_set_directory(session, buf); >++ g_free(buf); >+ } >+ } >+ >+@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, >+ >+ if (sz > 0) >+ { >++ buf = g_new0(char, sz); >+ in_uint8a(c->in_s, buf, sz); >+ buf[sz] = '\0'; >+ scp_session_set_client_ip(session, buf); >++ g_free(buf); >+ } >+ } >+ } >+@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c, >+ scp_session_set_type(session, SCP_GW_AUTHENTICATION); >+ /* reading username */ >+ in_uint16_be(c->in_s, sz); >+- buf[sz] = '\0'; >++ buf = g_new0(char, sz); >+ in_uint8a(c->in_s, buf, sz); >++ buf[sz] = '\0'; >+ >+ /* g_writeln("Received user name: %s",buf); */ >+ if (0 != scp_session_set_username(session, buf)) >+ { >+ scp_session_destroy(session); >+ /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ >++ g_free(buf); >+ return SCP_SERVER_STATE_INTERNAL_ERR; >+ } >++ g_free(buf); >+ >+ /* reading password */ >+ in_uint16_be(c->in_s, sz); >+- buf[sz] = '\0'; >++ buf = g_new0(char, sz); >+ in_uint8a(c->in_s, buf, sz); >++ buf[sz] = '\0'; >+ >+ /* g_writeln("Received password: %s",buf); */ >+ if (0 != scp_session_set_password(session, buf)) >+ { >+ scp_session_destroy(session); >+ /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */ >++ g_free(buf); >+ return SCP_SERVER_STATE_INTERNAL_ERR; >+ } >++ g_free(buf); >+ } >+ else >+ {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=188345">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
meta
:
maintainer-approval+
Actions:
View
Attachments on
bug 223931
: 188345