Make ZlibInStream more robust against failures - tigervnc.git - High performance, multi-platform VNC client and server: https://github.com/TigerVNC/tigervnc

diff options

author	Pierre Ossman <ossman@cendio.se>	2019-09-10 11:05:48 +0200
committer	Pierre Ossman <ossman@cendio.se>	2019-12-20 07:29:00 +0100
commit	042de4642293df9b72a08189c249e2da79cbca91 (patch)
tree	b47d1863065c0824d52fcebf0b48aa37484cd9b8 /common/rfb/JpegCompressor.h
parent	8f77cf8ea28b5e3507b0dc9b27738115944f2567 (diff)
download	tigervnc-042de4642293df9b72a08189c249e2da79cbca91.tar.gz tigervnc-042de4642293df9b72a08189c249e2da79cbca91.zip

Make ZlibInStream more robust against failures

Move the checks around to avoid missing cases where we might access memory that is no longer valid. Also avoid touching the underlying stream implicitly (e.g. via the destructor) as it might also no longer be valid. A malicious server could theoretically use this for remote code execution in the client. Issue found by Pavel Cheremushkin from Kaspersky Lab (cherry picked from commit d61a767d6842b530ffb532ddd5a3d233119aad40)

Diffstat (limited to 'common/rfb/JpegCompressor.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: