mirror of
https://invent.kde.org/network/krfb
synced 2024-06-28 22:14:41 +00:00
libvncserver: Check malloc() return value on client->server ClientCutText message.
Client can send up to 2**32-1 bytes of text, and such a large allocation is likely to fail in case of high memory pressure. This would in a server crash (write at address 0). Upstream commit: 6037a9074d52b1963c97cb28ea1096c7c14cbf28
This commit is contained in:
parent
126a746dd7
commit
d931eafccf
|
@ -2404,6 +2404,12 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
|
|||
|
||||
str = (char *)malloc(msg.cct.length);
|
||||
|
||||
if (str == NULL) {
|
||||
rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
|
||||
rfbCloseClient(cl);
|
||||
return;
|
||||
}
|
||||
|
||||
if ((n = rfbReadExact(cl, str, msg.cct.length)) <= 0) {
|
||||
if (n != 0)
|
||||
rfbLogPerror("rfbProcessClientNormalMessage: read");
|
||||
|
|
Loading…
Reference in New Issue
Block a user