1 files changed, 21 insertions, 0 deletions

diff --git a/package/libvncserver/libvncserver-0002-CVE-2014-6053.patch b/package/libvncserver/libvncserver-0002-CVE-2014-6053.patch
new file mode 100644
index 0000000000..23b8adaf1e
--- /dev/null
+++ b/package/libvncserver/libvncserver-0002-CVE-2014-6053.patch
@@ -0,0 +1,21 @@
+Description: fix denial of service via large ClientCutText message
+Origin: backport, https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+Index: libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c
+===================================================================
+--- libvncserver-0.9.9+dfsg.orig/libvncserver/rfbserver.c	2012-05-04 10:19:00.000000000 -0400
++++ libvncserver-0.9.9+dfsg/libvncserver/rfbserver.c	2014-09-25 11:12:36.124058413 -0400
+@@ -2457,6 +2457,11 @@
+ 	msg.cct.length = Swap32IfLE(msg.cct.length);
+ 
+ 	str = (char *)malloc(msg.cct.length);
++	if (str == NULL) {
++		rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
++		rfbCloseClient(cl);
++		return;
++	}
+ 
+ 	if ((n = rfbReadExact(cl, str, msg.cct.length)) <= 0) {
+ 	    if (n != 0)