summarylogtreecommitdiffstats
path: root/CVE-2018-8787.patch
diff options
context:
space:
mode:
Diffstat (limited to 'CVE-2018-8787.patch')
-rw-r--r--CVE-2018-8787.patch51
1 files changed, 0 insertions, 51 deletions
diff --git a/CVE-2018-8787.patch b/CVE-2018-8787.patch
deleted file mode 100644
index 49b5c3959f79..000000000000
--- a/CVE-2018-8787.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Backport of:
-
-From 09b9d4f1994a674c4ec85b4947aa656eda1aed8a Mon Sep 17 00:00:00 2001
-From: Armin Novak <armin.novak@thincast.com>
-Date: Mon, 22 Oct 2018 16:30:20 +0200
-Subject: [PATCH] Fixed CVE-2018-8787
-
-Thanks to Eyal Itkin from Check Point Software Technologies.
----
- libfreerdp/gdi/graphics.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-Index: freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/gdi/graphics.c
-===================================================================
---- freerdp-1.1.0~git20140921.1.440916e+dfsg1.orig/libfreerdp/gdi/graphics.c
-+++ freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/gdi/graphics.c
-@@ -23,6 +23,7 @@
-
- #include <winpr/crt.h>
-
-+#include <stdint.h>
- #include <freerdp/gdi/dc.h>
- #include <freerdp/gdi/brush.h>
- #include <freerdp/gdi/shape.h>
-@@ -98,7 +99,7 @@ void gdi_Bitmap_Decompress(rdpContext* c
- BYTE* data, int width, int height, int bpp, int length,
- BOOL compressed, int codec_id)
- {
-- UINT16 size;
-+ UINT32 size;
- RFX_MESSAGE* msg;
- BYTE* src;
- BYTE* dst;
-@@ -107,7 +108,16 @@ void gdi_Bitmap_Decompress(rdpContext* c
- rdpGdi* gdi;
- BOOL status;
-
-- size = width * height * ((bpp + 7) / 8);
-+ size = width * height;
-+
-+ if (bpp <= 0 || width <= 0 || height <= 0 ||
-+ width > (UINT32_MAX / height) ||
-+ size > (UINT32_MAX / (bpp + 7) / 8))
-+ {
-+ printf("Invalid parameters, unable to decompress bitmap\n");
-+ return;
-+ }
-+ size *= (bpp + 7) / 8;
-
- if (bitmap->data == NULL)
- bitmap->data = (BYTE*) malloc(size);