Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Rings:2-TestDVD
tigervnc
U_tigervnc-fix-checkNoWait-logic-in-SSecurityPl...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_tigervnc-fix-checkNoWait-logic-in-SSecurityPlain.patch of Package tigervnc
Git-commit: 9801c5efcf8c1774d9c807ebd5d27ac7049ad993 Patch-Mainline: Upstream References: bnc#1031879 From: Michal Srb <michalsrb@gmail.com> Subject: Fix checkNoWait logic in SSecurityPlain. Currently it proceeds only if there aren't enough data in queue and then it blocks waiting. Also the required amount to receive from network is (ulen + plen), not (ulen + plen + 2). This allowed not authenticated clients to deny service to everyone. diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx index f5a5cc7..0531549 100644 --- a/common/rfb/SSecurityPlain.cxx +++ b/common/rfb/SSecurityPlain.cxx @@ -92,7 +92,7 @@ bool SSecurityPlain::processMsg(SConnection* sc) } if (state == 1) { - if (is->checkNoWait(ulen + plen + 2)) + if (!is->checkNoWait(ulen + plen)) return false; state = 2; pw = new char[plen + 1];
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor