[Xen-devel] [PATCH 07/32] CVE-2014-7815: vnc: sanitize bits_per_pixel from the client
Backport of qemu-upstream: * e6908bfe8e07f2b452e78e677da1b45b1c0f6829 Signed-off-by: Andrew Cooper andrew.coop...@citrix.com --- vnc.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/vnc.c b/vnc.c index 7629dfa..7006a34 100644 --- a/vnc.c +++ b/vnc.c @@ -1616,6 +1616,16 @@ static void set_pixel_format(VncState *vs, return; } +switch (bits_per_pixel) { +case 8: +case 16: +case 32: +break; +default: +vnc_client_error(vs); +return; +} + vs-clientds = vs-serverds; vs-clientds.pf.rmax = red_max; count_bits(vs-clientds.pf.rbits, red_max); -- 1.7.10.4 ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
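Review bot: the new switch on bits_per_pixel in set_pixel_format() has no comment saying why only 8, 16 and 32 are accepted, and the commit message gives only the upstream hash. A one-line comment above the switch, stating that the value comes from the client and that these are the only depths the following code handles, would make the intent clear to anyone carrying this backport forward. The placement looks right: the check sits after the existing early return and before the first assignment to clientds, so a rejected request returns through vnc_client_error(vs) without modifying the client pixel format. In the context lines that follow, red_max is stored and passed to count_bits() with no range check visible in this hunk, so it is worth confirming that it is validated elsewhere.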