diff options
author | Petr Písař <ppisar@redhat.com> | 2019-01-07 10:40:01 +0100 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2019-03-03 16:01:12 +0100 |
commit | 6142d389db44b781e36399fe7c477c4879c0924b (patch) | |
tree | 041da4dafe45f182e7d477130471c5b55eba937d /client_examples/backchannel.c | |
parent | 177b748ba10ee43351643091ca42239205743dd8 (diff) | |
download | libtdevnc-6142d389db44b781e36399fe7c477c4879c0924b.tar.gz libtdevnc-6142d389db44b781e36399fe7c477c4879c0924b.zip |
Limit lenght to INT_MAX bytes in rfbProcessFileTransferReadBuffer()
This ammends 15bb719c03cc70f14c36a843dcb16ed69b405707 fix for a heap
out-of-bound write access in rfbProcessFileTransferReadBuffer() when
reading a transfered file content in a server. The former fix did not
work on platforms with a 32-bit int type (expected by rfbReadExact()).
CVE-2018-15127
<https://github.com/LibVNC/libvncserver/issues/243>
<https://github.com/LibVNC/libvncserver/issues/273>
(cherry picked from commit 09e8fc02f59f16e2583b34fe1a270c238bd9ffec)
Diffstat (limited to 'client_examples/backchannel.c')
0 files changed, 0 insertions, 0 deletions