Tree - rpms/libvncserver - CentOS Git server

Blob History Raw

		090aae	`commit 6037a9074d52b1963c97cb28ea1096c7c14cbf28`
		090aae	`Author: Nicolas Ruff <nruff@google.com>`
		090aae	`Date: Mon Aug 18 15:16:16 2014 +0200`
		090aae
		090aae	`Check malloc() return value on client->server ClientCutText message. Client can send up to 2**32-1 bytes of text, and such a large allocation is likely to fail in case of high memory pressure. This would in a server crash (write at address 0).`
		090aae
		090aae	`diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c`
		090aae	`index 5f3b31d..7e43fe3 100644`
		090aae	`--- a/libvncserver/rfbserver.c`
		090aae	`+++ b/libvncserver/rfbserver.c`
		090aae	`@@ -2461,6 +2461,11 @@ rfbProcessClientNormalMessage(rfbClientPtr cl)`
		090aae	`msg.cct.length = Swap32IfLE(msg.cct.length);`
		090aae
		090aae	`str = (char *)malloc(msg.cct.length);`
		090aae	`+ if (str == NULL) {`
		090aae	`+ rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");`
		090aae	`+ rfbCloseClient(cl);`
		090aae	`+ return;`
		090aae	`+ }`
		090aae
		090aae	`if ((n = rfbReadExact(cl, str, msg.cct.length)) <= 0) {`
		090aae	`if (n != 0)`