| commit | e6908bfe8e07f2b452e78e677da1b45b1c0f6829 | |
| author | Petr Matousek <pmatouse@redhat.com> | |
| Mon, 27 Oct 2014 11:41:44 +0000 (27 12:41 +0100) | ||
| committer | Gerd Hoffmann <kraxel@redhat.com> | |
| Tue, 28 Oct 2014 10:51:04 +0000 (28 11:51 +0100) | ||
| tree | 0afb5e0d8482271421d00a28574f15dd0066a664 | treesnapshot (tar.gz zip) |
| parent | 3e9418e160cd8901c83a3c88967158084f5b5c03 | commitdiff |
vnc: sanitize bits_per_pixel from the client
bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.
To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.
This is CVE-2014-7815.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
[ kraxel: apply codestyle fix ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.
To fix this check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.
This is CVE-2014-7815.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
[ kraxel: apply codestyle fix ]
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| ui/vnc.c | diffblobblamehistory |