Author: arekm Date: Wed Jan 21 08:29:29 2009 GMT Module: SOURCES Tag: HEAD ---- Log message: - upstream fix
---- Files affected: SOURCES: qemu-CVE-2008-2382.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/qemu-CVE-2008-2382.patch
diff -u /dev/null SOURCES/qemu-CVE-2008-2382.patch:1.1
--- /dev/null Wed Jan 21 09:29:30 2009
+++ SOURCES/qemu-CVE-2008-2382.patch Wed Jan 21 09:29:24 2009
@@ -0,0 +1,27 @@
+Fix CORE-2008-1210 VNC DoS
+
+If the client sends us a limit of zero, handle appropriately.
+
+Signed-off-by: Anthony Liguori <[email protected]>
+
+diff --git a/vnc.c b/vnc.c
+index 3a7d762..575fd68 100644
+--- a/vnc.c
++++ b/vnc.c
+@@ -1503,10 +1503,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ if (len == 1)
+ return 4;
+
+- if (len == 4)
+- return 4 + (read_u16(data, 2) * 4);
++ if (len == 4) {
++ limit = read_u16(data, 2);
++ if (limit > 0)
++ return 4 + (limit * 4);
++ } else
++ limit = read_u16(data, 2);
+
+- limit = read_u16(data, 2);
+ for (i = 0; i < limit; i++) {
+ int32_t val = read_s32(data, 4 + (i * 4));
+ memcpy(data + 4 + (i * 4), &val, sizeof(val));
================================================================
_______________________________________________
pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
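Review bot: The new `if (len == 4) { ... } else` in the vnc.c hunk reads `limit` from the same offset in both branches and pairs a braced `if` with an unbraced `else`. Reading it once above the test is equivalent and easier to audit: `limit = read_u16(data, 2);` followed by `if (len == 4 && limit > 0) return 4 + (limit * 4);`. The zero case also deserves a comment, since it is the whole fix: the old code returned `4 + 0` when `len` was already 4, which presumably left the caller waiting on the same length (the commit message calls it a DoS), so something like `/* limit == 0: nothing more to read, fall through rather than request 4 bytes again */` would keep a later cleanup from reintroducing it. The body of protocol_client_msg starts and ends outside the hunk, so whether `len` is guaranteed to equal `4 + limit * 4` when the loop runs cannot be confirmed from here.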
