summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* TigerVNC 1.10.1v1.10.11.10-branchPierre Ossman2019-12-202-3/+3
|
* Fix link order of nettle and hogweedPierre Ossman2019-12-201-1/+1
| | | | | | | Hogweed needs nettle, not the other way around. So make sure they are specified in the correct order for the static link to succeed. (cherry picked from commit 5ef3a70d1d1d3932a31e1785e4b687634f0c1ec6)
* Handle pixel formats with odd shift valuesPierre Ossman2019-12-202-0/+12
| | | | | | | | | | | Our fast paths assume that each channel fits in to a separate byte. That means the shift needs to be a multiple of 8. Start actually checking this so that a client cannot trip us up and possibly cause incorrect code exection. Issue found by Pavel Cheremushkin from Kaspersky Lab. (cherry picked from commit 05e28490873a861379c943bf616614b78b558b89)
* Add unit tests for PixelFormat.is888() detectionPierre Ossman2019-12-201-1/+59
| | | | (cherry picked from commit 91bdaa6c87a7f311163b5f1e4bbcd9de584968cd)
* Be defensive about overflows in stream objectsPierre Ossman2019-12-2013-48/+75
| | | | | | | | | | | | | | We use a lot of lengths given to us over the network, so be more paranoid about them causing an overflow as otherwise an attacker might trick us in to overwriting other memory. This primarily affects the client which often gets lengths from the server, but there are also some scenarios where the server might theoretically be vulnerable. Issue found by Pavel Cheremushkin from Kaspersky Lab. (cherry picked from commit 75e6e0653a48baf474fd45d78b1da53e2f324642)
* Use size_t for lengths in stream objectsPierre Ossman2019-12-2032-182/+184
| | | | | | | | | | Provides safety against them accidentally becoming negative because of bugs in the calculations. Also does the same to CharArray and friends as they were strongly connection to the stream objects. (cherry picked from commit 0943c006c7d900dfc0281639e992791d6c567438)
* Remove unused FixedMemOutStreamPierre Ossman2019-12-201-52/+0
| | | | (cherry picked from commit 4ff58f0acaeb566b79ae12cf013b376eaaaab834)
* Add sanity checks for PixelFormat shift valuesPierre Ossman2019-12-202-0/+13
| | | | | | | | | | | | | | Otherwise we might be tricked in to reading and writing things at incorrect offsets for pixels which ultimately could result in an attacker writing things to the stack or heap and executing things they shouldn't. This only affects the server as the client never uses the pixel format suggested by th server. Issue found by Pavel Cheremushkin from Kaspersky Lab. (cherry picked from commit cd1d650c532a46e95a1229dffaf281c76a50cdfe)
* Fix depth sanity test in PixelFormatPierre Ossman2019-12-202-1/+5
| | | | (cherry picked from commit f1b9b868ec943d51ef631f53a095d48d3f178f4f)
* Add unit test for PixelFormat sanity checksPierre Ossman2019-12-203-1/+119
| | | | (cherry picked from commit 014c5012377519d7f0add23ebac077ccd882aa9f)
* Handle empty Tight gradient rectsPierre Ossman2019-12-201-16/+21
| | | | | | | | | | | | We always assumed there would be one pixel per row so a rect with a zero width would result in us writing to unknown memory. This could theoretically be used by a malicious server to inject code in to the viewer process. Issue found by Pavel Cheremushkin from Kaspersky Lab. (cherry picked from commit b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95)
* Add write protection to OffsetPixelBufferPierre Ossman2019-12-202-0/+9
| | | | | | | | No one should every try to write to this buffer. Enforce that by throwing an exception if any one tries to get a writeable pointer to the data. (cherry picked from commit 9f615301aba1cc54a749950bf9462c5a85217bc4)
* Restrict PixelBuffer dimensions to safe valuesPierre Ossman2019-12-201-0/+22
| | | | | | | | | | | | | | | | | | | | We do a lot of calculations based on pixel coordinates and we need to make sure they do not overflow. Restrict the maximum dimensions we support rather than try to switch over all calculations to use 64 bit integers. This prevents attackers from from injecting code by specifying a huge framebuffer size and relying on the values overflowing to access invalid areas of the heap. This primarily affects the client which gets both the screen dimensions and the pixel contents from the remote side. But the server might also be affected as a client can adjust the screen dimensions, as can applications inside the session. Issue found by Pavel Cheremushkin from Kaspersky Lab. (cherry picked from commit 996356b6c65ca165ee1ea46a571c32a1dc3c3821)
* Encapsulate PixelBuffer internal detailsPierre Ossman2019-12-209-102/+111
| | | | | | | | Don't allow subclasses to just override dimensions or buffer details directly and instead force them to go via methods. This allows us to do sanity checks on the new values and catch bugs and attacks. (cherry picked from commit 53f913a76196c7357d4858bfbf2c33caa9181bae)
* Make ZlibInStream more robust against failuresPierre Ossman2019-12-206-11/+16
| | | | | | | | | | | | | | Move the checks around to avoid missing cases where we might access memory that is no longer valid. Also avoid touching the underlying stream implicitly (e.g. via the destructor) as it might also no longer be valid. A malicious server could theoretically use this for remote code execution in the client. Issue found by Pavel Cheremushkin from Kaspersky Lab (cherry picked from commit d61a767d6842b530ffb532ddd5a3d233119aad40)
* Update Finnish translationLauri Nurmi2019-12-201-302/+360
| | | | (cherry picked from commit 7ac36ad42f70ff91224c5788b071825094a67d0e)
* Update Hungarian translationBalázs Úr2019-12-201-116/+190
| | | | (cherry picked from commit 47c7de60082a7f66c0965eb6e8b5efe4e5109c0e)
* Add Korean translationJiYoon Kwon2019-12-202-0/+729
| | | | (cherry picked from commit 36454cfa880377d2c3adfaa84c4944634233757b)
* TigerVNC 1.10.0v1.10.0Pierre Ossman2019-11-183-4/+4
|
* Update Swedish translationGöran Uddeborg2019-11-181-105/+93
| | | | (cherry picked from commit bbbb67ee32b4ce909157ffc5af13a449059d4cdf)
* Update Czech translationPetr Pisar2019-11-181-104/+104
| | | | (cherry picked from commit bae4f60b088a5a6b8eb339fce59aaa85d1ae4f4a)
* Update Russian translationYuri Kozlov2019-11-181-104/+104
| | | | (cherry picked from commit fb7667646f5472b43435a4019edeb4e4a7a433ec)
* Update Brazilian Portuguese translationRafael Fontenelle2019-11-181-105/+105
| | | | (cherry picked from commit eea96c4e40cfa7a03a463c11b773331af5e17eb3)
* Update Bulgarian translationAlexander Shopov2019-11-181-104/+93
| | | | (cherry picked from commit 16abf6bcefe6004a564e86c54c8649d338634288)
* Update German translationMario Blättermann2019-11-181-239/+95
| | | | (cherry picked from commit e1210592c9912a47ca9f89971504e2f3892f8e3c)
* Update Ukrainian translationYuri Chornoivan2019-11-181-106/+106
| | | | (cherry picked from commit 71b0d7c86cc19ecf82d600acb30ce8683f7e0b22)
* Update Chinese (traditional) translationpan934122019-11-181-103/+103
| | | | (cherry picked from commit 13b58d920647923d717b084aa5c71139ed5180b5)
* Set explicit connect timeout on socket and use timer instead of counting ↵Brian P. Hinz2019-11-061-2/+3
| | | | iterations
* Poll local socket to make sure SSH tunnel is ready before connectingBrian P. Hinz2019-11-041-2/+29
|
* Fix external SSH arguments dialogBrian P. Hinz2019-11-032-19/+18
|
* Fix for dialog modality on Mac OS XBrian P. Hinz2019-11-031-0/+3
|
* Fix for issue #796Brian P. Hinz2019-11-033-28/+25
|
* Using socket.getPeerName() causes DNS lookup and noticable UI stallBrian P. Hinz2019-11-021-4/+2
|
* [java] Add support for java 9+ (removes support for java 7). Fixes #708,#771Brian P. Hinz2019-10-222-5/+17
|
* [java] Trim any leading/trailing whitespace from servernameBrian P. Hinz2019-10-221-0/+1
|
* TigerVNC 1.9.90 (1.10.0 beta)v1.9.90Pierre Ossman2019-10-183-4/+4
|
* Update translation template filePierre Ossman2019-10-181-96/+84
|
* Merge branch 'fix-mistake' of https://github.com/gschwind/tigervncPierre Ossman2019-10-141-2/+2
|\
| * fix to early remove of iterator in VNCServerST::removeSocketBenoit Gschwind2019-08-241-2/+2
| |
* | Fix bad PixelBuffer reference in VNCServerST::setPixelBuffer()Pierre Ossman2019-10-041-1/+1
| | | | | | | | | | We need to examine the incoming PixelBuffer, not the previous one (which might not even be valid).
* | Merge pull request #866 from gschwind/fix-wrong-test-orderSamuel Mannehed2019-10-020-0/+0
|\ \ | | | | | | fix test order in convertLF and convertCRLF
| * | fix test order in convertLF and convertCRLFBenoit Gschwind2019-08-301-4/+4
| |/ | | | | | | The new order of test avoid ready invalid memory address in ca.buf
* | Fix length checks in string conversion functionsPierre Ossman2019-09-251-16/+16
| | | | | | | | | | | | | | | | We need to check the buffer length before accessing the incoming string. Probably not a problem in practice as there should be a final null in most incoming strings. Issue found by Pavel Cheremushkin from Kaspersky Lab.
* | Add unit tests for convertLF() and convertCRLF()Pierre Ossman2019-09-252-0/+127
| |
* | Split test programs to benchmarking and unit testsPierre Ossman2019-09-2517-45/+51
| | | | | | | | | | They have very different purpose, so make things easier to work with by having multiple directories.
* | Use display polling by default in WinVNCPierre Ossman2019-09-061-1/+1
|/ | | | | Window hooks aren't working well on modern systems so switch the default to polling until we can fix things.
* Merge pull request #849 from grulja/masterSamuel Mannehed2019-07-151-1/+1
|\ | | | | Do not return returncode indicating error when listing sessions
| * Do not return returncode indicating error when listing sessionsJan Grulich2019-07-111-1/+1
|/
* Merge branch 'exclipboard' of https://github.com/CendioOssman/tigervncPierre Ossman2019-07-0154-433/+2192
|\
| * Support extended clipboard transfersPierre Ossman2019-07-0123-37/+812
| | | | | | | | | | | | | | Implements support in both client and server for the extended clipboard format first seen in UltraVNC. Currently only implements text handling, but that is still an improvement as it extends the clipboard from ISO 8859-1 to full Unicode.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-03 13:51:28 +0000