Google Git
Sign in
qemu-android / qemu-android / f9a70e79391f6d7c2a912d785239ee8effc1922d
commitf9a70e79391f6d7c2a912d785239ee8effc1922d[log] [tgz]
authorPeter Lieven <pl@kamp.de>Mon Jun 30 10:07:54 2014 +0200
committerGerd Hoffmann <kraxel@redhat.com>Tue Jul 01 13:26:40 2014 +0200
treef95be292b3ca307867ec831a3cef9720578ac04f
parentb3959efdbb2dc3d5959e3b0a8e188126930beca8 [diff]
ui/vnc: limit client_cut_text msg payload size

currently a malicious client could define a payload
size of 2^32 - 1 bytes and send up to that size of
data to the vnc server. The server would allocated
that amount of memory which could easily create an
out of memory condition.

This patch limits the payload size to 1MB max.

Please note that client_cut_text messages are currently
silently ignored.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
1 file changed
tree: f95be292b3ca307867ec831a3cef9720578ac04f
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. default-configs/
  6. disas/
  7. docs/
  8. fpu/
  9. fsdev/
  10. gdb-xml/
  11. hw/
  12. include/
  13. libcacard/
  14. libdecnumber/
  15. linux-headers/
  16. linux-user/
  17. net/
  18. pc-bios/
  19. po/
  20. qapi/
  21. qga/
  22. qobject/
  23. qom/
  24. roms/
  25. scripts/
  26. slirp/
  27. stubs/
  28. sysconfigs/
  29. target-alpha/
  30. target-arm/
  31. target-cris/
  32. target-i386/
  33. target-lm32/
  34. target-m68k/
  35. target-microblaze/
  36. target-mips/
  37. target-moxie/
  38. target-openrisc/
  39. target-ppc/
  40. target-s390x/
  41. target-sh4/
  42. target-sparc/
  43. target-unicore32/
  44. target-xtensa/
  45. tcg/
  46. tests/
  47. trace/
  48. ui/
  49. util/
  50. dtc
  51. pixman
  52. .exrc
  53. .gitignore
  54. .gitmodules
  55. .mailmap
  56. .travis.yml
  57. aio-posix.c
  58. aio-win32.c
  59. arch_init.c
  60. async.c
  61. balloon.c
  62. block-migration.c
  63. block.c
  64. blockdev-nbd.c
  65. blockdev.c
  66. blockjob.c
  67. bt-host.c
  68. bt-vhci.c
  69. Changelog
  70. CODING_STYLE
  71. configure
  72. COPYING
  73. COPYING.LIB
  74. coroutine-gthread.c
  75. coroutine-sigaltstack.c
  76. coroutine-ucontext.c
  77. coroutine-win32.c
  78. cpu-exec.c
  79. cpus.c
  80. cputlb.c
  81. device-hotplug.c
  82. device_tree.c
  83. disas.c
  84. dma-helpers.c
  85. dump.c
  86. exec.c
  87. gdbstub.c
  88. HACKING
  89. hmp-commands.hx
  90. hmp.c
  91. hmp.h
  92. iohandler.c
  93. ioport.c
  94. iothread.c
  95. kvm-all.c
  96. kvm-stub.c
  97. LICENSE
  98. main-loop.c
  99. MAINTAINERS
  100. Makefile
  101. Makefile.objs
  102. Makefile.target
  103. memory.c
  104. memory_mapping.c
  105. migration-exec.c
  106. migration-fd.c
  107. migration-rdma.c
  108. migration-tcp.c
  109. migration-unix.c
  110. migration.c
  111. module-common.c
  112. monitor.c
  113. nbd.c
  114. numa.c
  115. os-posix.c
  116. os-win32.c
  117. page_cache.c
  118. qapi-schema.json
  119. qdev-monitor.c
  120. qdict-test-data.txt
  121. qemu-bridge-helper.c
  122. qemu-char.c
  123. qemu-coroutine-io.c
  124. qemu-coroutine-lock.c
  125. qemu-coroutine-sleep.c
  126. qemu-coroutine.c
  127. qemu-doc.texi
  128. qemu-file.c
  129. qemu-img-cmds.hx
  130. qemu-img.c
  131. qemu-img.texi
  132. qemu-io-cmds.c
  133. qemu-io.c
  134. qemu-log.c
  135. qemu-nbd.c
  136. qemu-nbd.texi
  137. qemu-options-wrapper.h
  138. qemu-options.h
  139. qemu-options.hx
  140. qemu-seccomp.c
  141. qemu-tech.texi
  142. qemu-timer.c
  143. qemu.nsi
  144. qemu.sasl
  145. qmp-commands.hx
  146. qmp.c
  147. qtest.c
  148. README
  149. rules.mak
  150. savevm.c
  151. softmmu_template.h
  152. spice-qemu-char.c
  153. tcg-runtime.c
  154. tci.c
  155. thread-pool.c
  156. thunk.c
  157. tpm.c
  158. trace-events
  159. translate-all.c
  160. translate-all.h
  161. user-exec.c
  162. VERSION
  163. version.rc
  164. vl.c
  165. vmstate.c
  166. xbzrle.c
  167. xen-common-stub.c
  168. xen-common.c
  169. xen-hvm-stub.c
  170. xen-hvm.c
  171. xen-mapcache.c