From 14e7de5c8fb7ab8f5e7c04cf4b6f24166612143a Mon Sep 17 00:00:00 2001 From: yanggao Date: Thu, 2 Mar 2023 15:49:49 +0800 Subject: [PATCH] =?UTF-8?q?CVE-2022-39318=20=E5=AE=89=E5=85=A8=E6=9B=B4?= =?UTF-8?q?=E6=96=B0:=E4=BF=AE=E5=A4=8DFreeRDP=E5=AE=89=E5=85=A8=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- channels/urbdrc/client/libusb/libusb_udevice.c | 12 +++++++++--- debian/changelog | 6 ++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c index 505c31d..ef87f19 100644 --- a/channels/urbdrc/client/libusb/libusb_udevice.c +++ b/channels/urbdrc/client/libusb/libusb_udevice.c @@ -1221,12 +1221,18 @@ static int libusb_udev_isoch_transfer(IUDEVICE* idev, URBDRC_CHANNEL_CALLBACK* c if (!Buffer) Stream_Seek(user_data->data, (NumberOfPackets * 12)); - iso_packet_size = BufferSize / NumberOfPackets; - iso_transfer = libusb_alloc_transfer(NumberOfPackets); + if (NumberOfPackets > 0) + { + iso_packet_size = BufferSize / NumberOfPackets; + iso_transfer = libusb_alloc_transfer((int)NumberOfPackets); + } if (iso_transfer == NULL) { - WLog_Print(urbdrc->log, WLOG_ERROR, "Error: libusb_alloc_transfer."); + WLog_Print(urbdrc->log, WLOG_ERROR, + "Error: libusb_alloc_transfer [NumberOfPackets=%" PRIu32 ", BufferSize=%" PRIu32 + " ]", + NumberOfPackets, BufferSize); async_transfer_user_data_free(user_data); return -1; } diff --git a/debian/changelog b/debian/changelog index e866805..e50a406 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +freerdp2 (2.8.1-ok3) yangtze; urgency=medium + + * kimjuncotton_y CVE-2022-39318 安全更新:FreeRDP存在安全漏洞,该漏洞源于“urbdrc”通道中缺少输入验证. + + -- yanggao Thu, 02 Mar 2023 15:47:32 +0800 + freerdp2 (2.8.1-ok2) yangtze; urgency=medium * kimjuncotton_y CVE-2022-39316、CVE-2022-39317 安全更新:FreeRDP 缓冲区错误漏洞. -- Gitee