nixpkgs/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch
Robert Scott 2482f8b8dc tightvnc: add patches for four CVEs
Security fixes for:
* CVE-2019-8287
* CVE-2019-15678
* CVE-2019-15679
* CVE-2019-15680

mostly adapted from patches fixing similar issues in the actively
maintained libvnc

(#73970)
2019-11-24 19:44:01 +01:00

18 lines
651 B
Diff

Adapted from https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c
index 04b0230..47a6863 100644
--- a/vncviewer/rfbproto.c
+++ b/vncviewer/rfbproto.c
@@ -1217,6 +1217,12 @@ HandleRFBServerMessage()
if (serverCutText)
free(serverCutText);
+ if (msg.sct.length > 1<<20) {
+ fprintf(stderr,"Ignoring too big cut text length sent by server: %u B > 1 MB\n",
+ (unsigned int)msg.sct.length);
+ return False;
+ }
+
serverCutText = malloc(msg.sct.length+1);
if (!ReadFromRFBServer(serverCutText, msg.sct.length))