Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
LibVNCServer.17331
LibVNCServer-CVE-2014-6053.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File LibVNCServer-CVE-2014-6053.patch of Package LibVNCServer.17331
From 6037a9074d52b1963c97cb28ea1096c7c14cbf28 Mon Sep 17 00:00:00 2001 From: Nicolas Ruff <nruff@google.com> Date: Mon, 18 Aug 2014 15:16:16 +0200 Subject: [PATCH] Check malloc() return value on client->server ClientCutText message. Client can send up to 2**32-1 bytes of text, and such a large allocation is likely to fail in case of high memory pressure. This would in a server crash (write at address 0). --- libvncserver/rfbserver.c | 5 +++++ 1 file changed, 5 insertions(+) Index: LibVNCServer-0.9.9/libvncserver/rfbserver.c =================================================================== --- LibVNCServer-0.9.9.orig/libvncserver/rfbserver.c +++ LibVNCServer-0.9.9/libvncserver/rfbserver.c @@ -2457,6 +2457,11 @@ msg.cct.length = Swap32IfLE(msg.cct.length); str = (char *)malloc(msg.cct.length); + if (str == NULL) { + rfbLogPerror("rfbProcessClientNormalMessage: not enough memory"); + rfbCloseClient(cl); + return; + } if ((n = rfbReadExact(cl, str, msg.cct.length)) <= 0) { if (n != 0)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor