Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
qemu-linux-user.11147
0173-vnc-sanitize-bits_per_pixel-from-th.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0173-vnc-sanitize-bits_per_pixel-from-th.patch of Package qemu-linux-user.11147
From 29da57657334bfc2cb51059be8a0f71d2dff7cc6 Mon Sep 17 00:00:00 2001 From: Petr Matousek <pmatouse@redhat.com> Date: Mon, 27 Oct 2014 12:41:44 +0100 Subject: [PATCH] vnc: sanitize bits_per_pixel from the client MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. This is CVE-2014-7815. Signed-off-by: Petr Matousek <pmatouse@redhat.com> [ kraxel: apply codestyle fix ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> (cherry picked from commit e6908bfe8e07f2b452e78e677da1b45b1c0f6829) [AF: BSC#902737] Signed-off-by: Andreas Färber <afaerber@suse.de> --- ui/vnc.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ui/vnc.c b/ui/vnc.c index 6cb2288518..8393c540f7 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2044,6 +2044,16 @@ static void set_pixel_format(VncState *vs, blue_shift = 6; } + switch (bits_per_pixel) { + case 8: + case 16: + case 32: + break; + default: + vnc_client_error(vs); + return; + } + vs->client_pf.rmax = red_max; vs->client_pf.rbits = hweight_long(red_max); vs->client_pf.rshift = red_shift;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor