SOURCES: qemu-CVE-2008-2382.patch (NEW) - upstream fix

arekm arekm at pld-linux.org
Wed Jan 21 09:29:29 CET 2009


Author: arekm                        Date: Wed Jan 21 08:29:29 2009 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- upstream fix

---- Files affected:
SOURCES:
   qemu-CVE-2008-2382.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/qemu-CVE-2008-2382.patch
diff -u /dev/null SOURCES/qemu-CVE-2008-2382.patch:1.1
--- /dev/null	Wed Jan 21 09:29:30 2009
+++ SOURCES/qemu-CVE-2008-2382.patch	Wed Jan 21 09:29:24 2009
@@ -0,0 +1,27 @@
+Fix CORE-2008-1210 VNC DoS
+
+If the client sends us a limit of zero, handle appropriately.
+
+Signed-off-by: Anthony Liguori <aliguori at us.ibm.com>
+
+diff --git a/vnc.c b/vnc.c
+index 3a7d762..575fd68 100644
+--- a/vnc.c
++++ b/vnc.c
+@@ -1503,10 +1503,13 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ 	if (len == 1)
+ 	    return 4;
+ 
+-	if (len == 4)
+-	    return 4 + (read_u16(data, 2) * 4);
++	if (len == 4) {
++            limit = read_u16(data, 2);
++            if (limit > 0)
++                return 4 + (limit * 4);
++        } else
++            limit = read_u16(data, 2);
+ 
+-	limit = read_u16(data, 2);
+ 	for (i = 0; i < limit; i++) {
+ 	    int32_t val = read_s32(data, 4 + (i * 4));
+ 	    memcpy(data + 4 + (i * 4), &val, sizeof(val));
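Review bot: the zero-limit case in the new `if (len == 4)` block is handled only implicitly, by falling through to the `for` loop with `limit == 0`, and deserves a one-line comment, since the whole fix is that the old `return 4 + (read_u16(data, 2) * 4)` evaluated to `4` when `len` was already 4, i.e. the function asked for exactly the bytes it had just been given. Minor style points on the same lines: `read_u16(data, 2)` is now evaluated in both branches, so a single `limit = read_u16(data, 2);` before the `if` would remove the duplicate and the dangling `else`, and the added lines are indented with spaces while the surrounding vnc.c context uses tabs.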
================================================================