| commit | f9a70e79391f6d7c2a912d785239ee8effc1922d | |
| author | Peter Lieven <pl@kamp.de> | |
| Mon, 30 Jun 2014 08:07:54 +0000 (30 10:07 +0200) | ||
| committer | Gerd Hoffmann <kraxel@redhat.com> | |
| Tue, 1 Jul 2014 11:26:40 +0000 (1 13:26 +0200) | ||
| tree | f95be292b3ca307867ec831a3cef9720578ac04f | treesnapshot (tar.gz zip) |
| parent | b3959efdbb2dc3d5959e3b0a8e188126930beca8 | commitdiff |
ui/vnc: limit client_cut_text msg payload size
currently a malicious client could define a payload
size of 2^32 - 1 bytes and send up to that size of
data to the vnc server. The server would allocated
that amount of memory which could easily create an
out of memory condition.
This patch limits the payload size to 1MB max.
Please note that client_cut_text messages are currently
silently ignored.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
currently a malicious client could define a payload
size of 2^32 - 1 bytes and send up to that size of
data to the vnc server. The server would allocated
that amount of memory which could easily create an
out of memory condition.
This patch limits the payload size to 1MB max.
Please note that client_cut_text messages are currently
silently ignored.
Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| ui/vnc.c | diffblobblamehistory |