File U_tigervnc-fix-checkNoWait-logic-in-SSecurityPlain.patch of Package tigervnc.openSUSE_Leap_42.2_Update

Git-commit: 9801c5efcf8c1774d9c807ebd5d27ac7049ad993
Patch-Mainline: Upstream
References: bnc#1031879
From: Michal Srb <michalsrb@gmail.com>
Subject: Fix checkNoWait logic in SSecurityPlain.

Currently it proceeds only if there aren't enough data in queue and then it blocks waiting.
Also the required amount to receive from network is (ulen + plen), not (ulen + plen + 2).

This allowed not authenticated clients to deny service to everyone.

diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index f5a5cc7..0531549 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -92,7 +92,7 @@ bool SSecurityPlain::processMsg(SConnection* sc)
   }
 
   if (state == 1) {
-    if (is->checkNoWait(ulen + plen + 2))
+    if (!is->checkNoWait(ulen + plen))
       return false;
     state = 2;
     pw = new char[plen + 1];
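Review bot: In the `state == 1` branch, `ulen + plen` is passed to `checkNoWait()` and `plen` then sizes the allocation in `pw = new char[plen + 1];`, but nothing in this hunk shows either length being bounded. The commit message describes these as amounts received from the network, from a client that is not yet authenticated, so please confirm that the earlier part of `processMsg()` (not visible here) rejects oversized `ulen` and `plen` before this point. If it does not, add an explicit upper-bound check ahead of this test so the sum cannot wrap and the request cannot exceed what the input stream is able to buffer. A one-line comment above the check noting that `checkNoWait()` reports whether the requested bytes are already available would also help, since the inverted sense of this test is what the change corrects.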