WebSVN - Blame - Rev 56 - /ssvnc/trunk/debian/patches/libvncclient

Rev	Author	Line No.	Line
56	magnus	1	Description: CVE-2018-20024
		2	null pointer dereference in VNC client code that can result DoS.
		3	---
		4
		5	Author: Abhijith PA <abhijith@debian.org>
		6	Origin: https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7
		7	Bug: https://github.com/LibVNC/libvncserver/issues/254
		8	Bug-Debian: https://bugs.debian.org/916941
		9	Last-Update: 2018-12-23
		10
		11	[sunweaver] Investigate CVE-2018-20024 in ssvnc and find similar issues in zrle.c and zlib.c.
		12	The ultra.c code that this has originally been reported against is not present in
		13	ssvnc.
		14
		15	--- a/vnc_unixsrc/vncviewer/zlib.c
		16	+++ b/vnc_unixsrc/vncviewer/zlib.c
		17	@@ -55,6 +55,11 @@
		18	raw_buffer_size = (( rw * rh ) * ( BPP / 8 ));
		19	raw_buffer = (char*) malloc( raw_buffer_size );
		20
		21	+ if (raw_buffer == NULL) {
		22	+
		23	+ return False;
		24	+
		25	+ }
		26	}
		27
		28	if (!ReadFromRFBServer((char *)&hdr, sz_rfbZlibHeader))
		29	--- a/vnc_unixsrc/vncviewer/zrle.c
		30	+++ b/vnc_unixsrc/vncviewer/zrle.c
		31	@@ -132,6 +132,12 @@
		32	raw_buffer_size = min_buffer_size;
		33	raw_buffer = (char*) malloc( raw_buffer_size );
		34
		35	+ if ( raw_buffer == NULL ) {
		36	+
		37	+ return False;
		38	+
		39	+ }
		40	+
		41	}
		42
		43	if (!ReadFromRFBServer((char *)&header, sz_rfbZRLEHeader))

Subversion Repositories