Not every mouse has three buttons e.g. laptops. Some OS might not
have support for middle mouse button emulation.
This commit adds emulation for middle mouse button when pressing both
left and right mouse button simultaneously.
We had an unintentional conflict with PixelBuffer::setSize() here.
But we can simplify this further as this initialization is only used
by the subclass DeviceFrameBuffer, and only once.
Since 53f913a we initialize the underlying PixelBuffer with 0x0
dimensions, which means we need to keep more explicit track of what
we are trying to allocate in the setup methods.
If the server doesn't support local cursors and want to render them
itself then we need to make sure the local cursor is invisible.
This also makes sure we always have some cursor allocated, so we can
remove the checks in some places.
There was even some confusion in the RFB protocol regarding this, but
the zlib implementation confirms that accepted values for compression
level is 0-9.
Check the correct stream if there is more data pending
The input stream might no longer be the raw socket, so we need to
query what's currently active. That wrapping stream might have its
own buffering and may have more data even if the socket is drained.
There might be more bytes left in the current TLS record, even if
there is nothing on the underlying stream. Make sure we properly
return this when we aren't being requested to block.
When used with -fg we expect the startup script to remain running until
the session is over. This will not happen if the session command is put
in the background using &.
Our fast paths assume that each channel fits in to a separate byte.
That means the shift needs to be a multiple of 8. Start actually
checking this so that a client cannot trip us up and possibly cause
incorrect code exection.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.
This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
Provides safety against them accidentally becoming negative because
of bugs in the calculations.
Also does the same to CharArray and friends as they were strongly
connection to the stream objects.
Otherwise we might be tricked in to reading and writing things at
incorrect offsets for pixels which ultimately could result in an
attacker writing things to the stack or heap and executing things
they shouldn't.
This only affects the server as the client never uses the pixel
format suggested by th server.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.
This could theoretically be used by a malicious server to inject
code in to the viewer process.
Issue found by Pavel Cheremushkin from Kaspersky Lab.
Pierre Ossman
Alex Tanskanen
Brian P. Hinz
Felipe Castro
Samuel Mannehed
Balázs Úr
JiYoon Kwon