[Xen-devel] [PATCH 07/32] CVE-2014-7815: vnc: sanitize bits_per_pixel from the client
Backport of qemu-upstream:
* e6908bfe8e07f2b452e78e677da1b45b1c0f6829
Signed-off-by: Andrew Cooper andrew.coop...@citrix.com
---
vnc.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/vnc.c b/vnc.c
index 7629dfa..7006a34 100644
--- a/vnc.c
+++ b/vnc.c
@@ -1616,6 +1616,16 @@ static void set_pixel_format(VncState *vs,
return;
}
+switch (bits_per_pixel) {
+case 8:
+case 16:
+case 32:
+break;
+default:
+vnc_client_error(vs);
+return;
+}
+
vs-clientds = vs-serverds;
vs-clientds.pf.rmax = red_max;
count_bits(vs-clientds.pf.rbits, red_max);
--
1.7.10.4
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
[Xen-devel] [PATCH 07/32] CVE-2014-7815: vnc: sanitize bits_per_pixel from the client
Backport of qemu-upstream:
* e6908bfe8e07f2b452e78e677da1b45b1c0f6829
Signed-off-by: Andrew Cooper andrew.coop...@citrix.com
---
vnc.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/vnc.c b/vnc.c
index 7629dfa..7006a34 100644
--- a/vnc.c
+++ b/vnc.c
@@ -1616,6 +1616,16 @@ static void set_pixel_format(VncState *vs,
return;
}
+switch (bits_per_pixel) {
+case 8:
+case 16:
+case 32:
+break;
+default:
+vnc_client_error(vs);
+return;
+}
+
vs-clientds = vs-serverds;
vs-clientds.pf.rmax = red_max;
count_bits(vs-clientds.pf.rbits, red_max);
--
1.7.10.4
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
