svn commit: r455191 - in head/net/xrdp-devel: . files
Luca Pizzamiglio
pizzamig at FreeBSD.org
Thu Nov 30 10:16:10 UTC 2017
Author: pizzamig
Date: Thu Nov 30 10:16:08 2017
New Revision: 455191
URL: https://svnweb.freebsd.org/changeset/ports/455191
Log:
net/xrdp-devel: Fix CVE-2017-16927
Fix CVE-2017-16927
Patch from upstream: https://github.com/neutrinolabs/xrdp/pull/958
PR: 223931
Submitted by: meta+ports at vmeta.jp (maintainer)
MFH: 2017Q4
Security: CVE-2017-16927
Added:
head/net/xrdp-devel/files/patch-CVE-2017-16927 (contents, props changed)
Modified:
head/net/xrdp-devel/Makefile
Modified: head/net/xrdp-devel/Makefile
==============================================================================
--- head/net/xrdp-devel/Makefile Thu Nov 30 10:12:27 2017 (r455190)
+++ head/net/xrdp-devel/Makefile Thu Nov 30 10:16:08 2017 (r455191)
@@ -4,6 +4,7 @@
PORTNAME= xrdp
PORTVERSION= 0.9.4
DISTVERSIONPREFIX= v
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= net
PKGNAMESUFFIX= -devel
Added: head/net/xrdp-devel/files/patch-CVE-2017-16927
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/xrdp-devel/files/patch-CVE-2017-16927 Thu Nov 30 10:16:08 2017 (r455191)
@@ -0,0 +1,133 @@
+--- sesman/libscp/libscp_v0.c.orig 2017-09-28 02:25:19 UTC
++++ sesman/libscp/libscp_v0.c
+@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ struct SCP_SESSION *session = 0;
+ tui16 sz;
+ tui32 code = 0;
+- char buf[257];
++ char *buf = 0;
+
+ if (!skipVchk)
+ {
+@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+
+ /* reading username */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++ buf[sz] = '\0';
+ if (0 != scp_session_set_username(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* reading password */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+-
++ buf[sz] = '\0';
+ if (0 != scp_session_set_password(session, buf))
+ {
+ scp_session_destroy(session);
+ log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__);
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* width */
+ in_uint16_be(c->in_s, sz);
+@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_domain(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_program(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_directory(session, buf);
++ g_free(buf);
+ }
+ }
+
+@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+
+ if (sz > 0)
+ {
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
+ buf[sz] = '\0';
+ scp_session_set_client_ip(session, buf);
++ g_free(buf);
+ }
+ }
+ }
+@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c,
+ scp_session_set_type(session, SCP_GW_AUTHENTICATION);
+ /* reading username */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
++ buf[sz] = '\0';
+
+ /* g_writeln("Received user name: %s",buf); */
+ if (0 != scp_session_set_username(session, buf))
+ {
+ scp_session_destroy(session);
+ /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+
+ /* reading password */
+ in_uint16_be(c->in_s, sz);
+- buf[sz] = '\0';
++ buf = g_new0(char, sz);
+ in_uint8a(c->in_s, buf, sz);
++ buf[sz] = '\0';
+
+ /* g_writeln("Received password: %s",buf); */
+ if (0 != scp_session_set_password(session, buf))
+ {
+ scp_session_destroy(session);
+ /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
++ g_free(buf);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
++ g_free(buf);
+ }
+ else
+ {
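Review bot: The terminator write `buf[sz] = '\0'` after each new `buf = g_new0(char, sz);` lands one byte past the allocation, assuming `g_new0(char, sz)` returns exactly `sz` zeroed bytes. That leaves a one-byte heap overflow at all eight sites: username and password in both branches, plus domain, program, directory and client IP. Each allocation should read `buf = g_new0(char, sz + 1);`, which also makes the explicit terminator redundant because the memory is already zeroed. The result is never checked before `in_uint8a` writes into it, so a failed allocation is dereferenced; a `if (buf == 0)` bail-out that destroys the session and returns `SCP_SERVER_STATE_INTERNAL_ERR` would match the existing error paths. The password copies are released with a plain `g_free(buf)`, so clearing the bytes first would keep credentials out of recycled heap memory; and since scp_v0s_accept starts and ends outside these hunks, it cannot be confirmed here that the stream actually holds `sz` bytes before each `in_uint8a`.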