Sophie

libvncserver-0.9.12-2.3.mga7.src.rpm

From 8937203441ee241c4ace85da687b7d6633a12365 Mon Sep 17 00:00:00 2001
From: Christian Beier <dontmind@freeshell.org>
Date: Fri, 10 Apr 2020 19:07:12 +0200
Subject: [PATCH] libvncclient/rfbproto: limit max textchat size

Addresses GitHub Security Lab (GHSL) Vulnerability Report
`GHSL-2020-063`.

Re #275
---
(daviddavid) Rebase
---
 libvncclient/rfbproto.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
index a54c1e67..26430c77 100644
--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -68,6 +68,8 @@
 #endif
 #include "tls.h"
 
+#define MAX_TEXTCHAT_SIZE 10485760 /* 10MB */
+
 #ifdef _MSC_VER
 #  define snprintf _snprintf /* MSVC went straight to the underscored syntax */
 #endif
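Review bot: the `MAX_TEXTCHAT_SIZE` define says only "10MB" and does not document what it bounds or why that value was chosen. A comment stating that it caps the server-supplied `msg.tc.length` before allocation would help the next reader, and writing the value as `(10 * 1024 * 1024)` makes the unit checkable at a glance. The macro is also private to `rfbproto.c`, so any other code path that reads a text chat length will not pick up the same limit unless it is moved to a shared header.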
@@ -2268,6 +2270,8 @@ HandleRFBServerMessage(rfbClient* client
               client->HandleTextChat(client, (int)rfbTextChatFinished, NULL);
           break;
       default:
+	 if(msg.tc.length > MAX_TEXTCHAT_SIZE)
+	      return FALSE;
           buffer=malloc(msg.tc.length+1);
           if (!ReadFromRFBServer(client, buffer, msg.tc.length))
           {
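Review bot: in the `default:` branch the new bound check is followed by `buffer=malloc(msg.tc.length+1);` whose result goes straight into `ReadFromRFBServer` with no NULL check in the visible lines, and an allocation of up to 10MB can still fail, so a `if (!buffer) return FALSE;` belongs right after the malloc. The `return FALSE` on an oversized length is also silent. A log line naming the rejected length would make a dropped connection diagnosable from the client side. The two added lines are indented with a tab while the surrounding code uses spaces, which is worth normalizing.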