]> xenbits.xensource.com Git - qemu-xen-traditional.git/commitdiff
projects / qemu-xen-traditional.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5e4ed9c)
CVE-2014-7815: vnc: sanitize bits_per_pixel from the client
authorAndrew Cooper <andrew.cooper3@citrix.com>
Sat, 21 Feb 2015 19:21:11 +0000 (19:21 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 16 Oct 2015 15:52:06 +0000 (16:52 +0100)
Backport of qemu-upstream:
 * e6908bfe8e07f2b452e78e677da1b45b1c0f6829

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
vnc.c patch | blob | blame | history

diff --git a/vnc.c b/vnc.c
index 48e5c463aebe8815c533ca12c7f6249f8a50ff2c..573af3be053a5f2fb2a5c947c0e403b6688f6d61 100644 (file)
--- a/vnc.c
+++ b/vnc.c
@@ -1616,6 +1616,16 @@ static void set_pixel_format(VncState *vs,
         return;
     }
 
+    switch (bits_per_pixel) {
+    case 8:
+    case 16:
+    case 32:
+        break;
+    default:
+        vnc_client_error(vs);
+        return;
+    }
+
     vs->clientds = vs->serverds;
     vs->clientds.pf.rmax = red_max;
     count_bits(vs->clientds.pf.rbits, red_max);
qemu-xen-traditional tree