diff options
Diffstat (limited to 'package/libvncserver/libvncserver-0002-CVE-2014-6053.patch')
-rw-r--r-- | package/libvncserver/libvncserver-0002-CVE-2014-6053.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/package/libvncserver/libvncserver-0002-CVE-2014-6053.patch b/package/libvncserver/libvncserver-0002-CVE-2014-6053.patch new file mode 100644 index 0000000000..23b8adaf1e --- /dev/null +++ b/package/libvncserver/libvncserver-0002-CVE-2014-6053.patch @@ -0,0 +1,21 @@ +Description: fix denial of service via large ClientCutText message +Origin: backport, https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28 + +Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> + +Index: libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c +=================================================================== +--- libvncserver-0.9.9+dfsg.orig/libvncserver/rfbserver.c 2012-05-04 10:19:00.000000000 -0400 ++++ libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c 2014-09-25 11:12:36.124058413 -0400 +@@ -2457,6 +2457,11 @@ + msg.cct.length = Swap32IfLE(msg.cct.length); + + str = (char *)malloc(msg.cct.length); ++ if (str == NULL) { ++ rfbLogPerror("rfbProcessClientNormalMessage: not enough memory"); ++ rfbCloseClient(cl); ++ return; ++ } + + if ((n = rfbReadExact(cl, str, msg.cct.length)) <= 0) { + if (n != 0) |