Date: Thu, 30 Nov 2017 10:16:09 +0000 (UTC) From: Luca Pizzamiglio <pizzamig@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r455191 - in head/net/xrdp-devel: . files Message-ID: <201711301016.vAUAG9Wr032669@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pizzamig Date: Thu Nov 30 10:16:08 2017 New Revision: 455191 URL: https://svnweb.freebsd.org/changeset/ports/455191 Log: net/xrdp-devel: Fix CVE-2017-16927 Fix CVE-2017-16927 Patch from upstream: https://github.com/neutrinolabs/xrdp/pull/958 PR: 223931 Submitted by: meta+ports@vmeta.jp (maintainer) MFH: 2017Q4 Security: CVE-2017-16927 Added: head/net/xrdp-devel/files/patch-CVE-2017-16927 (contents, props changed) Modified: head/net/xrdp-devel/Makefile Modified: head/net/xrdp-devel/Makefile ============================================================================== --- head/net/xrdp-devel/Makefile Thu Nov 30 10:12:27 2017 (r455190) +++ head/net/xrdp-devel/Makefile Thu Nov 30 10:16:08 2017 (r455191) @@ -4,6 +4,7 @@ PORTNAME= xrdp PORTVERSION= 0.9.4 DISTVERSIONPREFIX= v +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= net PKGNAMESUFFIX= -devel Added: head/net/xrdp-devel/files/patch-CVE-2017-16927 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/xrdp-devel/files/patch-CVE-2017-16927 Thu Nov 30 10:16:08 2017 (r455191) @@ -0,0 +1,133 @@ +--- sesman/libscp/libscp_v0.c.orig 2017-09-28 02:25:19 UTC ++++ sesman/libscp/libscp_v0.c +@@ -161,7 +161,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + struct SCP_SESSION *session = 0; + tui16 sz; + tui32 code = 0; +- char buf[257]; ++ char *buf = 0; + + if (!skipVchk) + { +@@ -226,27 +226,31 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + /* reading username */ + in_uint16_be(c->in_s, sz); +- buf[sz] = '\0'; ++ buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); +- ++ buf[sz] = '\0'; + if (0 != scp_session_set_username(session, buf)) + { + scp_session_destroy(session); + log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__); ++ g_free(buf); + return SCP_SERVER_STATE_INTERNAL_ERR; + } ++ g_free(buf); + + /* reading password */ + in_uint16_be(c->in_s, sz); +- buf[sz] = '\0'; ++ buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); +- ++ buf[sz] = '\0'; + if (0 != scp_session_set_password(session, buf)) + { + scp_session_destroy(session); + log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); ++ g_free(buf); + return SCP_SERVER_STATE_INTERNAL_ERR; + } ++ g_free(buf); + + /* width */ + in_uint16_be(c->in_s, sz); +@@ -272,9 +276,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + if (sz > 0) + { ++ buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); + buf[sz] = '\0'; + scp_session_set_domain(session, buf); ++ g_free(buf); + } + } + +@@ -285,9 +291,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + if (sz > 0) + { ++ buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); + buf[sz] = '\0'; + scp_session_set_program(session, buf); ++ g_free(buf); + } + } + +@@ -298,9 +306,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + if (sz > 0) + { ++ buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); + buf[sz] = '\0'; + scp_session_set_directory(session, buf); ++ g_free(buf); + } + } + +@@ -311,9 +321,11 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + + if (sz > 0) + { ++ buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); + buf[sz] = '\0'; + scp_session_set_client_ip(session, buf); ++ g_free(buf); + } + } + } +@@ -332,29 +344,35 @@ scp_v0s_accept(struct SCP_CONNECTION *c, + scp_session_set_type(session, SCP_GW_AUTHENTICATION); + /* reading username */ + in_uint16_be(c->in_s, sz); +- buf[sz] = '\0'; ++ buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); ++ buf[sz] = '\0'; + + /* g_writeln("Received user name: %s",buf); */ + if (0 != scp_session_set_username(session, buf)) + { + scp_session_destroy(session); + /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ ++ g_free(buf); + return SCP_SERVER_STATE_INTERNAL_ERR; + } ++ g_free(buf); + + /* reading password */ + in_uint16_be(c->in_s, sz); +- buf[sz] = '\0'; ++ buf = g_new0(char, sz); + in_uint8a(c->in_s, buf, sz); ++ buf[sz] = '\0'; + + /* g_writeln("Received password: %s",buf); */ + if (0 != scp_session_set_password(session, buf)) + { + scp_session_destroy(session); + /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */ ++ g_free(buf); + return SCP_SERVER_STATE_INTERNAL_ERR; + } ++ g_free(buf); + } + else + {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201711301016.vAUAG9Wr032669>