]> xenbits.xensource.com Git - qemu-upstream-4.2-testing.git/commit
projects / qemu-upstream-4.2-testing.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0cfe152) | patch
vnc: sanitize bits_per_pixel from the client
authorPetr Matousek <pmatouse@redhat.com>
Mon, 27 Oct 2014 11:41:44 +0000 (12:41 +0100)
committerStefano Stabellini <stefano.stabellini@eu.citrix.com>
Thu, 5 Mar 2015 13:22:12 +0000 (13:22 +0000)
commit375710483e6cc73df7276d6cfdf63dda8cbab5f2
tree2d8d39d33c69d83d5b912dd6b1b99282987d9c6atree
parent0cfe152644456afec593a3e3dc0363dd10d39067commit | diff
vnc: sanitize bits_per_pixel from the client

bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.

To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.

This is CVE-2014-7815.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
[ kraxel: apply codestyle fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Conflicts:
ui/vnc.c
ui/vnc.c diff | blob | history
Obsolete Upstream Qemu based repository for xen-unstable