mirrors
/
xrdp
mirror of https://github.com/neutrinolabs/xrdp
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CVE-2022-23477 

Prevent buffer overflow for oversized audio format from client
This commit is contained in:
matt335672 2022-12-06 11:31:31 +00:00
parent 3dab2c23da
commit 96afae1ec5
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sesman/chansrv/audin.c
View File

@ -181,15 +181,16 @@ audin_send_open(int chan_id)
int error;
int bytes;
struct stream *s;
struct xr_wave_format_ex *wf;
struct xr_wave_format_ex *wf = g_client_formats[g_current_format];
LOG_DEVEL(LOG_LEVEL_INFO, "audin_send_open:");
make_stream(s);
init_stream(s, 8192);
/* wf->cbSize was checked when the format was received */
init_stream(s, wf->cbSize + 64);
out_uint8(s, MSG_SNDIN_OPEN);
out_uint32_le(s, 2048); /* FramesPerPacket */
out_uint32_le(s, g_current_format); /* initialFormat */
wf = g_client_formats[g_current_format];
out_uint16_le(s, wf->wFormatTag);
out_uint16_le(s, wf->nChannels);
out_uint32_le(s, wf->nSamplesPerSec);