Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC

Bug 511688 (CVE-2014-0250)

Summary: <net-misc/freerdp-1.1.0_beta1_p20130710-r1: integer overflow (CVE-2014-0250)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: floppym
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=998934
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-05-28 13:18:07 UTC
From ${URL} :

client/X11/xf_graphics.c:xf_Pointer_New() performs a heap allocation this way:

void xf_Pointer_New(rdpContext* context, rdpPointer* pointer)
{
	XcursorImage ci;
[…]
	ci.width = pointer->width;
	ci.height = pointer->height;
[…]
	ci.pixels = (XcursorPixel*) malloc(ci.width * ci.height * 4);

The width and height members are read from the wire.  Both are 16 bit, but because of the multiplication 
with 4, the allocation still overflows (on 32 bit and 64 bit).

xf_Bitmap_Decompress() appears to have a similar issue.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev Security 2014-06-09 01:43:30 UTC
Here are the commits for this in to upstream

https://github.com/FreeRDP/FreeRDP/pull/1874
Comment 2 Mike Gilbert gentoo-dev 2014-06-09 23:39:32 UTC
This one will be easier to apply. Just waiting for it to be merged upstream.

https://github.com/FreeRDP/FreeRDP/pull/1891
Comment 3 Mike Gilbert gentoo-dev 2014-06-21 01:56:38 UTC
+*freerdp-1.1.0_beta1_p20130710-r1 (21 Jun 2014)
+
+  21 Jun 2014; Mike Gilbert <floppym@gentoo.org>
+  +files/freerdp-1.1-CVE-2014-0250.patch,
+  +freerdp-1.1.0_beta1_p20130710-r1.ebuild:
+  Add fix for CVE-2014-0250, bug 511688.

Please stabilize:

=net-misc/freerdp-1.1.0_beta1_p20130710-r1
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2014-06-21 03:07:59 UTC
Arches, please test and mark stable:

=net-misc/freerdp-1.1.0_beta1_p20130710-r1

Target Keywords : "alpha amd64 arm ppc ppc64 x86"

Thank you!
Comment 5 Agostino Sarubbo gentoo-dev 2014-06-21 10:59:05 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-06-21 11:00:13 UTC
x86 stable
Comment 7 Markus Meier gentoo-dev 2014-06-22 18:40:53 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-07-05 11:31:54 UTC
alpha stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-07-05 12:51:31 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-07-05 12:54:30 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Kristian Fiskerstrand gentoo-dev Security 2014-07-05 13:33:11 UTC
New GLSA request filed.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-12-13 17:57:58 UTC
This issue was resolved and addressed in
 GLSA 201412-18 at http://security.gentoo.org/glsa/glsa-201412-18.xml
by GLSA coordinator Sean Amoss (ackle).