New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes for CVE-2014-0250 #1874

Merged
merged 4 commits into from May 30, 2014

Conversation

Projects
None yet
5 participants
@hardening
Contributor

hardening commented May 28, 2014

This patch introduce misc checks when receiving pointer updates. We check that the cursor are in the bounds defined by the spec. We also check that the announced mask sizes are what they should be.

Fixes for CVE-2014-0250
This patch introduce misc checks when receiving pointer updates. We check
that the cursor are in the bounds defined by the spec. We also check that
the announced mask sizes are what they should be.
@freerdp-bot

This comment has been minimized.

Show comment
Hide comment
@freerdp-bot

freerdp-bot May 28, 2014

Test PASSed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/351/

freerdp-bot commented May 28, 2014

Test PASSed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/351/

@nfedera

This comment has been minimized.

Show comment
Hide comment
@nfedera

nfedera May 28, 2014

xorBpp should be verified to be > 0 and <= 32

nfedera commented on libfreerdp/core/update.c in 532c420 May 28, 2014

xorBpp should be verified to be > 0 and <= 32

@nfedera

This comment has been minimized.

Show comment
Hide comment
@nfedera

nfedera May 28, 2014

very nice. (only xorBpp value should be verified)

nfedera commented on 532c420 May 28, 2014

very nice. (only xorBpp value should be verified)

Set checks to be strict and also check xorBpp field
This patch:
* renames bpp to xorBpp ;
* changes checks to strict ;
* adds checks on the xorBpp field
@freerdp-bot

This comment has been minimized.

Show comment
Hide comment
@freerdp-bot

freerdp-bot May 28, 2014

Test PASSed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/352/

freerdp-bot commented May 28, 2014

Test PASSed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/352/

@nfedera

This comment has been minimized.

Show comment
Hide comment
@nfedera

nfedera May 28, 2014

Shouldn't that be pointer_new->xorBpp < 1 ?

nfedera commented on libfreerdp/core/update.c in 640b901 May 28, 2014

Shouldn't that be pointer_new->xorBpp < 1 ?

This comment has been minimized.

Show comment
Hide comment
@hardening

hardening May 28, 2014

Owner

arg you're damn right, i will change it tomorrow

Owner

hardening replied May 28, 2014

arg you're damn right, i will change it tomorrow

Check for bpp > 0
Bpp == 0 just makes no sense
@freerdp-bot

This comment has been minimized.

Show comment
Hide comment
@freerdp-bot

freerdp-bot May 29, 2014

Test PASSed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/353/

freerdp-bot commented May 29, 2014

Test PASSed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/353/

@nfedera

This comment has been minimized.

Show comment
Hide comment
@nfedera

nfedera May 29, 2014

Contributor

+1 all is well now

Contributor

nfedera commented May 29, 2014

+1 all is well now

Check that bpp has reasonable value
As bpp is often used for malloc computations, let's check that it has
a reasonable value.
@freerdp-bot

This comment has been minimized.

Show comment
Hide comment
@freerdp-bot

freerdp-bot May 29, 2014

Test FAILed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/354/

freerdp-bot commented May 29, 2014

Test FAILed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/354/

@nfedera

This comment has been minimized.

Show comment
Hide comment
@nfedera

nfedera May 29, 2014

Contributor

ios build bot has issues. can be ignored.

Contributor

nfedera commented May 29, 2014

ios build bot has issues. can be ignored.

@bmiklautz

This comment has been minimized.

Show comment
Hide comment
@bmiklautz
Member

bmiklautz commented May 29, 2014

@bmiklautz

This comment has been minimized.

Show comment
Hide comment
@bmiklautz
Member

bmiklautz commented May 29, 2014

+1

@freerdp-bot

This comment has been minimized.

Show comment
Hide comment
@freerdp-bot

freerdp-bot May 29, 2014

Test PASSed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/355/

freerdp-bot commented May 29, 2014

Test PASSed.
Refer to this link for build results: https://ci.freerdp.com/job/PullRequestBuilder/355/

awakecoding added a commit that referenced this pull request May 30, 2014

@awakecoding awakecoding merged commit 2309169 into FreeRDP:master May 30, 2014

1 check passed

default Merged build finished.
Details

@hardening hardening deleted the hardening:CVE-2014-0250 branch Jun 19, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment