diff options
Diffstat (limited to 'pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch')
-rw-r--r-- | pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch b/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch new file mode 100644 index 00000000000..cd65d2fb5dd --- /dev/null +++ b/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch @@ -0,0 +1,18 @@ +Adapted from https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a +diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c +index 04b0230..47a6863 100644 +--- a/vncviewer/rfbproto.c ++++ b/vncviewer/rfbproto.c +@@ -1217,6 +1217,12 @@ HandleRFBServerMessage() + if (serverCutText) + free(serverCutText); + ++ if (msg.sct.length > 1<<20) { ++ fprintf(stderr,"Ignoring too big cut text length sent by server: %u B > 1 MB\n", ++ (unsigned int)msg.sct.length); ++ return False; ++ } ++ + serverCutText = malloc(msg.sct.length+1); + + if (!ReadFromRFBServer(serverCutText, msg.sct.length)) |