libvncclient/rfbproto: limit max textchat size
Addresses GitHub Security Lab (GHSL) Vulnerability Report
`GHSL-2020-063`.

Re #275
bk138 committed Apr 10, 2020
1 parent 7c092e5 commit 8937203
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions libvncclient/rfbproto.c
Expand Up @@ -65,6 +65,7 @@
#endif
#include "tls.h"

#define MAX_TEXTCHAT_SIZE 10485760 /* 10MB */

/*
* rfbClientLog prints a time-stamped message to the log file (stderr).
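Review bot: The new MAX_TEXTCHAT_SIZE define is a bare 10485760 whose only comment is "10MB", so a reader cannot tell what it bounds or why that value was chosen. Consider writing it as (10*1024*1024) and extending the comment to say it caps the server-supplied text chat message length checked in HandleRFBServerMessage.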
Expand Down Expand Up @@ -2159,6 +2160,8 @@ HandleRFBServerMessage(rfbClient* client)
client->HandleTextChat(client, (int)rfbTextChatFinished, NULL);
break;
default:
if(msg.tc.length > MAX_TEXTCHAT_SIZE)
return FALSE;
buffer=malloc(msg.tc.length+1);
if (!ReadFromRFBServer(client, buffer, msg.tc.length))
{
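Review bot: In the default branch the result of malloc(msg.tc.length+1) is still passed straight to ReadFromRFBServer with no NULL check, and with lengths up to 10MB accepted an allocation failure on a constrained client remains reachable from server-controlled input. Suggest checking buffer and returning FALSE when it is NULL. The new rejection path also returns FALSE silently; an rfbClientLog call reporting the received length and the limit would make the resulting disconnect diagnosable.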