
Commit 8937203

libvncclient/rfbproto: limit max textchat size
Addresses GitHub Security Lab (GHSL) Vulnerability Report `GHSL-2020-063`. Re #275
1 parent 7c092e5 commit 8937203


1 file changed

+3
-0
lines changed


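--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -65,6 +65,7 @@
 #endif
 #include "tls.h"
 
+#define MAX_TEXTCHAT_SIZE 10485760 /* 10MB */
 
 /*
 * rfbClientLog prints a time-stamped message to the log file (stderr).
@@ -2159,6 +2160,8 @@ HandleRFBServerMessage(rfbClient* client)
 client->HandleTextChat(client, (int)rfbTextChatFinished, NULL);
 break;
 default:
+if(msg.tc.length > MAX_TEXTCHAT_SIZE)
+return FALSE;
 buffer=malloc(msg.tc.length+1);
 if (!ReadFromRFBServer(client, buffer, msg.tc.length))
 {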
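Review bot: The result of `buffer=malloc(msg.tc.length+1);`, right after the new size check in the second hunk, is still passed to `ReadFromRFBServer` with no NULL test, so a failed allocation of up to 10 MB is presumably written through instead of rejected. Folding the test into the existing condition, `if (!buffer || !ReadFromRFBServer(client, buffer, msg.tc.length))`, would close that, assuming the error branch only frees `buffer`; that branch opens at the `{` and continues outside this hunk. The oversize path also returns FALSE silently. A line such as `rfbClientLog("text chat length %u exceeds MAX_TEXTCHAT_SIZE\n", (unsigned int)msg.tc.length);` before `return FALSE;` would let an operator tell a misbehaving server from an ordinary disconnect. The declared type of `msg.tc.length` is not visible here, so it is worth confirming it is unsigned so that a negative value cannot slip past the `>` comparison.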
