These streams both need to change the corking state temporarily, but it
is important it is restored to the previous state or things might get
messed up.
For the zlib stream it would just leave things uncorked, which still
works but is less efficient.
But for the TLS stream it might make things very unresponsive as the
corking might be left on permanently, delaying packets indefinitely.

We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us into overwriting other memory.
This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.
Issue found by Pavel Cheremushkin from Kaspersky Lab.

Provides safety against them accidentally becoming negative because
of bugs in the calculations.
Also does the same to CharArray and friends as they were strongly
connected to the stream objects.
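
Added example (not TigerVNC's code): the two defences described in the commit messages above, unsigned lengths and an overflow check before a network-supplied length is used, shown on a hypothetical in-memory stream. The names in_buf, in_buf_check and read_blob and the sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory input stream; not TigerVNC's stream classes. */
struct in_buf {
    const uint8_t *ptr;   /* next unread byte */
    const uint8_t *end;   /* one past the last valid byte */
};

/* Returns 1 if n_items items of item_size bytes are buffered, else 0.
 * Both counts are size_t, so a negative length cannot be represented. */
int in_buf_check(const struct in_buf *b, size_t item_size, size_t n_items)
{
    size_t avail = (size_t)(b->end - b->ptr);
    if (item_size != 0 && n_items > SIZE_MAX / item_size)
        return 0;                 /* item_size * n_items would wrap */
    /* Compare with the space left; never form ptr + len, which can wrap. */
    return item_size * n_items <= avail;
}

/* Reads a big-endian 32-bit length and that many bytes into dst.
 * Returns 0 and sets *out_len, or -1 (stream untouched) on a bad length. */
int read_blob(struct in_buf *b, uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    uint32_t len;
    if (!in_buf_check(b, 4, 1))
        return -1;
    len = ((uint32_t)b->ptr[0] << 24) | ((uint32_t)b->ptr[1] << 16) |
          ((uint32_t)b->ptr[2] << 8)  |  (uint32_t)b->ptr[3];
    struct in_buf body = { b->ptr + 4, b->end };
    if (len > dst_cap || !in_buf_check(&body, 1, len))
        return -1;                /* peer claimed more than we hold or can store */
    memcpy(dst, body.ptr, len);
    b->ptr = body.ptr + len;
    *out_len = len;
    return 0;
}

int main(void)
{
    /* Constructed message: claims 0xffffffff bytes but carries one. */
    const uint8_t bad[] = { 0xff, 0xff, 0xff, 0xff, 'a' };
    struct in_buf b = { bad, bad + sizeof bad };
    uint8_t dst[8]; size_t n = 0;
    printf("oversized length -> %d\n", read_blob(&b, dst, sizeof dst, &n));
    return 0;
}
```
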

This allows us to simplify things by getting rid of some old
compatibility code. People should really be using current versions
of GnuTLS anyway to stay secure.

GnuTLS 3.x has removed gnutls_transport_set_global_errno() in favour of
gnutls_transport_set_errno(). Make sure we call the right errno function
depending on which GnuTLS we're using.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4922 3789f03b-4d11-0410-bbf8-ca57d06f2519

Refactor the TLS code so that the push/pull functions are aware of their
containing stream object. This is in preparation for supporting GnuTLS 3.x.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4921 3789f03b-4d11-0410-bbf8-ca57d06f2519