xenbits.xensource.com Git - qemu-upstream-4.5-testing.git/commit

]> xenbits.xensource.com Git - qemu-upstream-4.5-testing.git/commit

projects / qemu-upstream-4.5-testing.git / commit

author	Peter Lieven <pl@kamp.de>
	Mon, 30 Jun 2014 08:07:54 +0000 (10:07 +0200)
committer	Stefano Stabellini <stefano.stabellini@eu.citrix.com>
	Tue, 8 Sep 2015 11:25:32 +0000 (11:25 +0000)
commit	c6dc376c4b5292769582137867d1be6c3960b5c7
tree	14a1215b9b771ac9430fbcf30b6fdce2a85b7553	tree
parent	f74d682ee4878af6a8e943f5f0b595af92b20084	commit \| diff

ui/vnc: limit client_cut_text msg payload size

currently a malicious client could define a payload
size of 2^32 - 1 bytes and send up to that size of
data to the vnc server. The server would allocated
that amount of memory which could easily create an
out of memory condition.

This patch limits the payload size to 1MB max.

Please note that client_cut_text messages are currently
silently ignored.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

ui/vnc.c

diff | blob | history

Obsolete Upstream Qemu based repository for xen-4.5-testing

RSS Atom