Revision: 5167 http://sourceforge.net/p/tigervnc/code/5167 Author: ossman_ Date: 2014-03-19 12:16:48 +0000 (Wed, 19 Mar 2014) Log Message: ----------- The ZRLE decoder relied on an assert() for boundary checks. A default Release build however will remove all asserts making it possible to overrun this buffer. This could be exploited by a malicious server. This issue has been assigned CVE-2014-0011. Patch by Tim Waugh for Red Hat.
Modified Paths: -------------- trunk/common/rfb/zrleDecode.h
Modified: trunk/common/rfb/zrleDecode.h
===================================================================
--- trunk/common/rfb/zrleDecode.h 2014-03-19 12:12:09 UTC (rev 5166)
+++ trunk/common/rfb/zrleDecode.h 2014-03-19 12:16:48 UTC (rev 5167)
@@ -25,9 +25,10 @@
 // FILL_RECT - fill a rectangle with a single colour
 // IMAGE_RECT - draw a rectangle of pixel data from a buffer

+#include <stdio.h>
 #include <rdr/InStream.h>
 #include <rdr/ZlibInStream.h>
-#include <assert.h>
+#include <rfb/Exception.h>

 namespace rfb {

@@ -143,7 +144,10 @@
 len += b;
 } while (b == 255);

- assert(len <= end - ptr);
+ if (end - ptr < len) {
+ fprintf (stderr, "ZRLE decode error\n");
+ throw Exception ("ZRLE decode error");
+ }

 #ifdef FAVOUR_FILL_RECT
 int i = ptr - buf;
@@ -193,7 +197,10 @@
 len += b;
 } while (b == 255);

- assert(len <= end - ptr);
+ if (end - ptr < len) {
+ fprintf (stderr, "ZRLE decode error\n");
+ throw Exception ("ZRLE decode error");
+ }
 }

 index &= 127;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/13534_NeoTech _______________________________________________ Tigervnc-commits mailing list Tigervnc-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-commits
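Review bot: `<stdio.h>` is added to this header only so the two new error paths (the hunks at -143 and -193) can call `fprintf (stderr, …)`, which makes a decoder header write straight to the process's stderr and repeats the text the exception already carries. If the project has a logging facility, that would be the better place for the message (none is visible from these hunks); otherwise the `fprintf` lines and this include can be dropped, leaving `throw Exception ("ZRLE decode error");` as the single report. A short comment above each check, such as `// run length is server-controlled; it must fit in the remaining tile buffer`, would also record why this must not be an assert.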
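Review bot: The run length is still summed without any limit in the `len += b; } while (b == 255);` loop just above the new check, here and in the hunk at -193, so `end - ptr < len` only ever sees the final total. The declaration of `len` is outside both hunks; if it is a signed `int`, a long enough sequence of 255 length bytes could overflow it before the check runs, which is undefined behaviour and may leave a negative value that passes the comparison. Bounding inside the loop closes that gap, for example `if (len > end - ptr) throw Exception ("ZRLE decode error");` directly after `len += b;`. The enclosing function and the buffer that `end` and `ptr` refer to start outside the hunks, so the types involved should be confirmed against the full file.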