summaryrefslogtreecommitdiffstats
path: root/common/rfb/SMsgReader.h
diff options
context:
space:
mode:
authorPierre Ossman <ossman@cendio.se>2019-09-10 11:05:48 +0200
committerPierre Ossman <ossman@cendio.se>2019-12-20 07:29:00 +0100
commit042de4642293df9b72a08189c249e2da79cbca91 (patch)
treeb47d1863065c0824d52fcebf0b48aa37484cd9b8 /common/rfb/SMsgReader.h
parent8f77cf8ea28b5e3507b0dc9b27738115944f2567 (diff)
downloadtigervnc-042de4642293df9b72a08189c249e2da79cbca91.tar.gz
tigervnc-042de4642293df9b72a08189c249e2da79cbca91.zip
Make ZlibInStream more robust against failures
Move the checks around to avoid missing cases where we might access memory that is no longer valid. Also avoid touching the underlying stream implicitly (e.g. via the destructor) as it might also no longer be valid. A malicious server could theoretically use this for remote code execution in the client. Issue found by Pavel Cheremushkin from Kaspersky Lab (cherry picked from commit d61a767d6842b530ffb532ddd5a3d233119aad40)
Diffstat (limited to 'common/rfb/SMsgReader.h')
0 files changed, 0 insertions, 0 deletions