Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
LibVNCServer.15728
LibVNCServer-CVE-2018-20750.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File LibVNCServer-CVE-2018-20750.patch of Package LibVNCServer.15728
Index: libvncserver-LibVNCServer-0.9.10/libvncserver/rfbserver.c =================================================================== --- libvncserver-LibVNCServer-0.9.10.orig/libvncserver/rfbserver.c 2019-02-05 14:11:27.552345876 +0100 +++ libvncserver-LibVNCServer-0.9.10/libvncserver/rfbserver.c 2019-02-05 14:19:41.526622829 +0100 @@ -87,6 +87,9 @@ #include <time.h> /* PRIu32 */ #include <inttypes.h> +/* INT_MAX */ +#include <limits.h> + #ifdef LIBVNCSERVER_WITH_WEBSOCKETS #include "rfbssl.h" @@ -1465,8 +1468,11 @@ char *rfbProcessFileTransferReadBuffer(r 0XFFFFFFFF, i.e. SIZE_MAX for 32-bit systems. On 64-bit systems, a length of 0XFFFFFFFF will safely be allocated since this check will never trigger and malloc() can digest length+1 without problems as length is a uint32_t. + We also later pass length to rfbReadExact() that expects a signed int type and + that might wrap on platforms with a 32-bit int type if length is bigger + than 0X7FFFFFFF. */ - if(length == SIZE_MAX) { + if(length == SIZE_MAX || length > INT_MAX) { rfbErr("rfbProcessFileTransferReadBuffer: too big file transfer length requested: %u", (unsigned int)length); rfbCloseClient(cl); return NULL;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor