source.dussan.org Git - tigervnc.git/commit

]> source.dussan.org Git - tigervnc.git/commit

author	Pierre Ossman <ossman@cendio.se>
	Tue, 24 Sep 2019 07:41:07 +0000 (09:41 +0200)
committer	Pierre Ossman <ossman@cendio.se>
	Fri, 20 Dec 2019 06:29:00 +0000 (07:29 +0100)
commit	9b9c66d43e16104fa1028df1071fb2b5a338259a
tree	2ec21344194e565017adbbf0e1be31786ec16e92	tree \| snapshot
parent	f287032d3643a6437f7de0ed35f4c45bb735522d	commit \| diff

Be defensive about overflows in stream objects

We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.

This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

(cherry picked from commit 75e6e0653a48baf474fd45d78b1da53e2f324642)

13 files changed:

High performance, multi-platform VNC client and server: https://github.com/TigerVNC/tigervnc

RSS Atom

common/rdr/FdInStream.cxx		diff \| blob \| history
common/rdr/FdOutStream.cxx		diff \| blob \| history
common/rdr/FileInStream.cxx		diff \| blob \| history
common/rdr/HexInStream.cxx		diff \| blob \| history
common/rdr/HexOutStream.cxx		diff \| blob \| history
common/rdr/InStream.h		diff \| blob \| history
common/rdr/MemOutStream.h		diff \| blob \| history
common/rdr/OutStream.h		diff \| blob \| history
common/rdr/RandomStream.cxx		diff \| blob \| history
common/rdr/TLSInStream.cxx		diff \| blob \| history
common/rdr/TLSOutStream.cxx		diff \| blob \| history
common/rdr/ZlibInStream.cxx		diff \| blob \| history
common/rdr/ZlibOutStream.cxx		diff \| blob \| history