Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
LibVNCServer
LibVNCServer-CVE-2019-20788.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File LibVNCServer-CVE-2019-20788.patch of Package LibVNCServer
Index: libvncserver-LibVNCServer-0.9.12/libvncclient/rfbproto.c =================================================================== --- libvncserver-LibVNCServer-0.9.12.orig/libvncclient/rfbproto.c 2019-01-06 20:09:30.000000000 +0100 +++ libvncserver-LibVNCServer-0.9.12/libvncclient/rfbproto.c 2020-04-27 10:32:26.192984242 +0200 @@ -225,6 +225,7 @@ ClearServer2Client(rfbClient* client, in client->supportedMessages.server2client[((messageType & 0xFF)/8)] &= (!(1<<(messageType % 8))); } +#define MAX_TEXTCHAT_SIZE 10485760 /* 10MB */ void DefaultSupportedMessages(rfbClient* client) @@ -2268,6 +2269,8 @@ HandleRFBServerMessage(rfbClient* client client->HandleTextChat(client, (int)rfbTextChatFinished, NULL); break; default: + if(msg.tc.length > MAX_TEXTCHAT_SIZE) + return FALSE; buffer=malloc(msg.tc.length+1); if (!ReadFromRFBServer(client, buffer, msg.tc.length)) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor