Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
xen.3680
CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch of Package xen.3680
References: bsc#962627 CVE-2014-7815 Subject: vnc: sanitize bits_per_pixel from the client From: Petr Matousek pmatouse@redhat.com Mon Oct 27 12:41:44 2014 +0100 Date: Tue Oct 28 11:51:04 2014 +0100: Git: e6908bfe8e07f2b452e78e677da1b45b1c0f6829 bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. This is CVE-2014-7815. Signed-off-by: Petr Matousek <pmatouse@redhat.com> [ kraxel: apply codestyle fix ] Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Index: xen-4.4.3-testing/tools/qemu-xen-traditional-dir-remote/vnc.c =================================================================== --- xen-4.4.3-testing.orig/tools/qemu-xen-traditional-dir-remote/vnc.c +++ xen-4.4.3-testing/tools/qemu-xen-traditional-dir-remote/vnc.c @@ -1633,6 +1633,16 @@ static void set_pixel_format(VncState *v return; } + switch (bits_per_pixel) { + case 8: + case 16: + case 32: + break; + default: + vnc_client_error(vs); + return; + } + vs->clientds = vs->serverds; vs->clientds.pf.rmax = red_max ? red_max : 0xFF; count_bits(vs->clientds.pf.rbits, red_max);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor