We need to check the buffer length before accessing the incoming
string. Probably not a problem in practice as there should be a
final null in most incoming strings.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
Implements support in both client and server for the extended
clipboard format first seen in UltraVNC. Currently only implements
text handling, but that is still an improvement as it extends the
clipboard from ISO 8859-1 to full Unicode.
We now filter incoming data, which means we can start assuming the
clipboard data is always null terminated. This allows us to clean
up a lot of the internal handling.
This is required by the protocol so we should make sure it is
enforced. We are tolerant of clients that violate this though and
convert incoming clipboard data.
Result of overflow on signed integer arithmetic is undefined in C/C++ standard.
So in previous version clang was compiling the statement as (int)a > (int)b (i.e. assuming no overflow), which leads to incorrect result.
Correct deterministic behavior means doing overflow arithmetic as unsigned, i.e.
a != b && a - b <= UINT_MAX / 2
There is some bug in gcc's new -Werror=format-overflow that makes it
think majorVersion could end up being very large. Increase the target
buffer for now to keep gcc happy.
This provides some basic rate limiting that will make it difficult
for an attacker to brute force passwords. Only relevant when the
blacklist is disabled as otherwise the attacker only gets a very
limited number of attempts.
There might be multiple clients using a single IP (e.g. NAT), which
can make the blacklist do more harm than good. So add a setting to
disable it if needed.
Require all SMsgWriter caller to check capabilities
Make the API consisitent by requiring the caller to check what the client
supports before calling any of the write* functions. This avoids the
confusion that the functions might not always do anything.
This is what the protocol requires, rather than sending what the
client specified in the request. This should be the same in practice
except for failures and possibly some races.
Increase range of ComparingUpdateTracker statistics
32 bits are not enough to keep track of all the pixels that might
flow through the system. Expand things to 64 bits, which should cover
all reasonable uses.
We need to check earlier if we are going to send this refresh or
not. Otherwise we send out pings pointlessly, and we also stall
the request loop with a client as we clear the requested region
without actually sending an update message.
It doesn't belong on each socket server object as timers are global.
Force implementations to call the Timer system directly instead,
avoiding any middle men.
Do a proper cleanup when one of the termination timeouts trigger
rather than just exiting on the spot. This makes sure we don't leave
stray stuff around, e.g. unix socket files.
This makes them more consistent with everything else, which makes
things clearer and also allows them to handle some corner cases
(e.g. only firing once).
ServerParams should contain the server state and not information about
client settings or capabilities. Move those things up a level to the
CConnection object.
No need to have one setting for each extension. All the client code
needs to indicate is if it supports resize. The common code can then
map this to relevant extensions.