qemu-stable

Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer


From: Marc-André Lureau
Subject: Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer
Date: Wed, 22 Nov 2023 17:06:10 +0400

Hi

On Wed, Nov 22, 2023 at 5:00 PM Fiona Ebner <f.ebner@proxmox.com> wrote:
>
> Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
> inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
> required, because it can happen that stream.avail_in becomes zero
> before coming across a return value of Z_STREAM_END in the loop.

Isn't this an error from the client side then?

>
> This fixes the host->guest direction of the clipboard with noVNC and
> TigerVNC as clients.
>
> Fixes: d921fea338 ("ui/vnc-clipboard: fix infinite loop in inflate_buffer 
> (CVE-2023-3255)")
> Reported-by: Friedrich Weber <f.weber@proxmox.com>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
>  ui/vnc-clipboard.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c
> index c759be3438..124b6fbd9c 100644
> --- a/ui/vnc-clipboard.c
> +++ b/ui/vnc-clipboard.c
> @@ -69,6 +69,11 @@ static uint8_t *inflate_buffer(uint8_t *in, uint32_t 
> in_len, uint32_t *size)
>          }
>      }
>
> +    *size = stream.total_out;
> +    inflateEnd(&stream);
> +
> +    return out;
> +
>  err_end:
>      inflateEnd(&stream);
>  err:
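
Review bot: the fall-through return added before `err_end:` reports success for any stream on which the loop ended without Z_STREAM_END, so a truncated deflate stream and a complete one now look the same to the caller, which gets `stream.total_out` bytes either way. Please add a comment above `*size = stream.total_out;` saying that this path is reached when `stream.avail_in` hits zero first (the noVNC and TigerVNC case from the commit message) and that partial output is accepted on purpose; if it is not meant to be accepted for every client, the condition should be checked here rather than returning unconditionally.
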
> --
> 2.39.2
>
>
>


-- 
Marc-André Lureau
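
An added illustration, not code from the patch or from QEMU: it uses Python's zlib binding to show the condition the commit message describes, where the inflater consumes all input and returns all the data without ever reporting end of stream, inside a loop that is bounded in both input and output. It assumes the sender ends its data with a sync flush instead of finishing the stream (the thread does not say how noVNC or TigerVNC terminate theirs); `inflate_bounded`, `sync_flushed` and `MAX_OUT` are names made up for this example.

```python
import zlib

MAX_OUT = 1 << 20  # constructed cap on inflated size for this example


def inflate_bounded(data, max_out=MAX_OUT):
    """Inflate data, returning (output, saw_stream_end).

    The loop ends when zlib reports end of stream or when every input
    byte has been consumed, whichever comes first, so it cannot spin on
    exhausted input. Output beyond max_out raises ValueError.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while pending and not d.eof:
        # At most 4096 bytes per step; unread input goes to unconsumed_tail.
        out += d.decompress(pending, 4096)
        if len(out) > max_out:
            raise ValueError("inflated data exceeds limit")
        pending = d.unconsumed_tail
    # Collect bytes zlib had decoded but not yet returned when input ran out.
    out += d.flush()
    if len(out) > max_out:
        raise ValueError("inflated data exceeds limit")
    return bytes(out), d.eof


def sync_flushed(payload):
    """Deflate payload and end with a sync flush; the stream is never finished."""
    c = zlib.compressobj()
    return c.compress(payload) + c.flush(zlib.Z_SYNC_FLUSH)


if __name__ == "__main__":
    text = b"constructed clipboard text " * 8  # constructed sample input
    print(inflate_bounded(sync_flushed(text))[1])   # stream end not seen
    print(inflate_bounded(zlib.compress(text))[1])  # stream end seen
```

Both inputs inflate to the same bytes; only the second return value tells a finished stream from one that simply ran out of input.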


