Overview

File LibVNCServer-CVE-2019-20788.patch of Package LibVNCServer.25862

Index: libvncserver-LibVNCServer-0.9.12/libvncclient/rfbproto.c
===================================================================
--- libvncserver-LibVNCServer-0.9.12.orig/libvncclient/rfbproto.c	2019-01-06 20:09:30.000000000 +0100
+++ libvncserver-LibVNCServer-0.9.12/libvncclient/rfbproto.c	2020-04-27 10:32:26.192984242 +0200
@@ -225,6 +225,7 @@ ClearServer2Client(rfbClient* client, in
   client->supportedMessages.server2client[((messageType & 0xFF)/8)] &= (!(1<<(messageType % 8)));
 }
 
+#define MAX_TEXTCHAT_SIZE 10485760 /* 10MB */
 
 void
 DefaultSupportedMessages(rfbClient* client)
@@ -2268,6 +2269,8 @@ HandleRFBServerMessage(rfbClient* client
               client->HandleTextChat(client, (int)rfbTextChatFinished, NULL);
           break;
       default:
+	  if(msg.tc.length > MAX_TEXTCHAT_SIZE)
+	      return FALSE;
           buffer=malloc(msg.tc.length+1);
           if (!ReadFromRFBServer(client, buffer, msg.tc.length))
           {
openSUSE Build Service is sponsored by
Places