network/krfb
network/krfb
1
0
Fork 0
mirror of https://invent.kde.org/network/krfb synced 2024-06-28 22:14:41 +00:00
Code Issues Projects Releases Wiki Activity

libvncserver: Check malloc() return value on client->server ClientCutText message.

Browse Source 
Client can send up to 2**32-1 bytes of text, and such a large allocation
is likely to fail in case of high memory pressure. This would in a
server crash (write at address 0).

Upstream commit: 6037a9074d52b1963c97cb28ea1096c7c14cbf28
This commit is contained in:
Martin T. H. Sandsmark 2014-09-23 22:46:27 +02:00
parent 126a746dd7
commit d931eafccf
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libvncserver/rfbserver.c
View File

@ -2404,6 +2404,12 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)
str = (char *)malloc(msg.cct.length);
if (str == NULL) {
rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
rfbCloseClient(cl);
return;
}
if ((n = rfbReadExact(cl, str, msg.cct.length)) <= 0) {
if (n != 0)
rfbLogPerror("rfbProcessClientNormalMessage: read");