Sophie

vino-3.22.0-3.1.mga7.src.rpm

Description: Check malloc() return value (CVE-2014-6053)
 Check malloc() return value on client->server ClientCutText
 message. Client can send up to 2**32-1 bytes of text, and such a large
 allocation is likely to fail in case of high memory pressure. This would result in a
 server crash (write at address 0).
Origin: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/server/libvncserver/rfbserver.c
+++ b/server/libvncserver/rfbserver.c
@@ -851,6 +851,11 @@
 	msg.cct.length = Swap32IfLE(msg.cct.length);
 
 	str = (char *)malloc(msg.cct.length);
+	if (str == NULL) {
+		rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
+		rfbCloseClient(cl);
+		return;
+	}
 
 	if ((n = ReadExact(cl, str, msg.cct.length)) <= 0) {
 	    if (n != 0)
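
Review bot: the NULL check added after `malloc(msg.cct.length)` handles allocation failure but leaves the client-supplied length itself unbounded, so a request of up to 2**32-1 bytes is still attempted and will succeed whenever memory allows. Consider rejecting lengths above a sane maximum before the malloc() call and closing the client at that point. Separately, a zero-length ClientCutText can make malloc(0) return NULL on some C libraries, which this check would report as "not enough memory" and disconnect the client; special-casing `msg.cct.length == 0` before the allocation avoids that.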