commit xrdp for openSUSE:Factory
Hello community, here is the log from the commit of package xrdp for openSUSE:Factory checked in at Mon Jan 12 02:18:24 CET 2009. -------- --- xrdp/xrdp.changes 2009-01-09 02:19:02.000000000 +0100 +++ /mounts/work_src_done/STABLE/xrdp/xrdp.changes 2009-01-09 21:08:43.000000000 +0100 @@ -1,0 +2,5 @@ +Fri Jan 9 14:57:30 EST 2009 - davidr@novell.com + +- Fix multiple buffer overflows. (bnc#450898) + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xrdp.spec ++++++ --- /var/tmp/diff_new_pack.Gi7593/_old 2009-01-12 02:16:57.000000000 +0100 +++ /var/tmp/diff_new_pack.Gi7593/_new 2009-01-12 02:16:57.000000000 +0100 @@ -21,7 +21,7 @@ Name: xrdp %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services Version: 0.4.1 -Release: 18 +Release: 20 License: GPL v2 or later Requires: dbus-1 xorg-x11-libXau xorg-x11-server-dmx xorg-x11-server-rdp BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -97,6 +97,8 @@ %config %{_fwdefdir}/xrdp %changelog +* Fri Jan 09 2009 davidr@novell.com +- Fix multiple buffer overflows. (bnc#450898) * Tue Jan 06 2009 davidr@novell.com - Properly install firewall definition file. (bnc#460835) * Mon Jan 05 2009 davidr@novell.com @@ -144,7 +146,7 @@ - Update xrdp-NOMAD.diff * Fix Xdmx command line arguments * Fix session data matching for XDMX sessions -* Fri Sep 12 2008 hfiguiere@suse.de +* Thu Sep 11 2008 hfiguiere@suse.de - Add Avahi support. - More comprehensive support of NOMAD. * Tue Sep 02 2008 hfiguiere@suse.de ++++++ xrdp-NOMAD.diff ++++++ --- /var/tmp/diff_new_pack.Gi7593/_old 2009-01-12 02:16:58.000000000 +0100 +++ /var/tmp/diff_new_pack.Gi7593/_new 2009-01-12 02:16:58.000000000 +0100 @@ -2100,6 +2100,40 @@ xrdp_stop is_xrdp_running while ! test $? -eq 0 +diff --git a/rdp/rdp_rdp.c b/rdp/rdp_rdp.c +index db8bb30..ce50ab5 100644 +--- a/rdp/rdp_rdp.c ++++ b/rdp/rdp_rdp.c +@@ -411,8 +411,27 @@ rdp_rdp_process_color_pointer_pdu(struct rdp_rdp* self, struct stream* s) + in_uint16_le(s, cursor->height); + in_uint16_le(s, mlen); /* mask length */ + in_uint16_le(s, dlen); /* data length */ +- in_uint8a(s, cursor->data, dlen); +- in_uint8a(s, cursor->mask, mlen); ++ ++ g_memset (cursor->data, 0, sizeof (cursor->data)); ++ if (dlen <= sizeof (cursor->data)) ++ { ++ in_uint8a(s, cursor->data, dlen); ++ } ++ else ++ { ++ in_uint8s(s, dlen); ++ } ++ ++ g_memset (cursor->mask, 0, sizeof (cursor->mask)); ++ if (mlen <= sizeof (cursor->mask)) ++ { ++ in_uint8a(s, cursor->mask, mlen); ++ } ++ else ++ { ++ in_uint8s(s, mlen); ++ } ++ + self->mod->server_set_cursor(self->mod, cursor->x, cursor->y, + cursor->data, cursor->mask); + } diff --git a/sesman/Makefile.am b/sesman/Makefile.am index 22736e6..96b9bf8 100644 --- a/sesman/Makefile.am @@ -5343,7 +5377,7 @@ password=ask ip=127.0.0.1 diff --git a/xrdp/xrdp_bitmap.c b/xrdp/xrdp_bitmap.c -index b3d7162..f7eed9d 100644 +index b3d7162..ecb3716 100644 --- a/xrdp/xrdp_bitmap.c +++ b/xrdp/xrdp_bitmap.c @@ -98,7 +98,9 @@ xrdp_bitmap_create(int width, int height, int bpp, @@ -5808,7 +5842,7 @@ } else if (self->type == WND_TYPE_SCREEN) /* 2 */ { -@@ -1052,31 +1094,25 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) +@@ -1052,65 +1094,78 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) } else if (self->type == WND_TYPE_EDIT) /* 5 */ { @@ -5852,7 +5886,12 @@ /* draw text */ painter->fg_color = self->wm->black; if (self->password_char != 0) -@@ -1088,7 +1124,25 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) + { +- i = g_mbstowcs(0, self->caption1, 0); ++ i = MIN (g_mbstowcs(0, self->caption1, 0), 255); + g_memset(text, self->password_char, i); + text[i] = 0; + xrdp_painter_draw_text(painter, self, 4, 2, text); } else { @@ -5879,7 +5918,26 @@ } /* draw xor box(cursor) */ if (self->parent != 0) -@@ -1110,7 +1164,7 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) + { + if (self->parent->focused_control == self) + { ++ i = MIN (self->edit_pos, 255); + if (self->password_char != 0) + { +- wchar_repeat(wtext, 255, self->password_char, self->edit_pos); +- wtext[self->edit_pos] = 0; +- g_wcstombs(text, wtext, 255); ++ wchar_repeat(wtext, 255, self->password_char, i); ++ wtext[i] = 0; ++ g_wcstombs(text, wtext, i); + } + else + { + g_mbstowcs(wtext, self->caption1, 255); +- wtext[self->edit_pos] = 0; ++ wtext[i] = 0; + g_wcstombs(text, wtext, 255); + } w = xrdp_painter_text_width(painter, text); painter->fg_color = self->wm->white; painter->rop = 0x5a; @@ -5888,7 +5946,7 @@ } } /* reset rop back */ -@@ -1123,37 +1177,32 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) +@@ -1123,37 +1178,32 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) } else if (self->type == WND_TYPE_COMBO) /* 7 combo box */ { @@ -5946,7 +6004,7 @@ /* draw text */ if (self->parent->focused_control == self) { -@@ -1178,6 +1227,13 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) +@@ -1178,6 +1228,13 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) { xrdp_bitmap_draw_button(self, painter, x, y, w, h, 1); } @@ -5960,7 +6018,7 @@ } else if (self->type == WND_TYPE_SPECIAL) /* 8 special */ { -@@ -1207,6 +1263,22 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) +@@ -1207,6 +1264,22 @@ xrdp_bitmap_invalidate(struct xrdp_bitmap* self, struct xrdp_rect* rect) } } } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de