source.dussan.org Git - tigervnc.git/commit

]> source.dussan.org Git - tigervnc.git/commit

author	Pierre Ossman <ossman@cendio.se>
	Tue, 24 Sep 2019 07:41:07 +0000 (09:41 +0200)
committer	Pierre Ossman <ossman@cendio.se>
	Fri, 15 Nov 2019 11:15:47 +0000 (12:15 +0100)
commit	75e6e0653a48baf474fd45d78b1da53e2f324642
tree	8159e0ad7abb2e69604c6ad3cbc00ebceb867c3d	tree \| snapshot
parent	0943c006c7d900dfc0281639e992791d6c567438	commit \| diff

Be defensive about overflows in stream objects

We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.

This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.

Issue found by Pavel Cheremushkin from Kaspersky Lab.

13 files changed:

High performance, multi-platform VNC client and server: https://github.com/TigerVNC/tigervnc

RSS Atom

common/rdr/FdInStream.cxx		diff \| blob \| history
common/rdr/FdOutStream.cxx		diff \| blob \| history
common/rdr/FileInStream.cxx		diff \| blob \| history
common/rdr/HexInStream.cxx		diff \| blob \| history
common/rdr/HexOutStream.cxx		diff \| blob \| history
common/rdr/InStream.h		diff \| blob \| history
common/rdr/MemOutStream.h		diff \| blob \| history
common/rdr/OutStream.h		diff \| blob \| history
common/rdr/RandomStream.cxx		diff \| blob \| history
common/rdr/TLSInStream.cxx		diff \| blob \| history
common/rdr/TLSOutStream.cxx		diff \| blob \| history
common/rdr/ZlibInStream.cxx		diff \| blob \| history
common/rdr/ZlibOutStream.cxx		diff \| blob \| history