Skip to content

Commit

Permalink
LibVNCClient: ignore server-sent cut text longer than 1MB
Browse files Browse the repository at this point in the history
This is in line with how LibVNCServer does it
(28afb6c) and fixes part of #273.
  • Loading branch information
bk138 committed Dec 29, 2018
1 parent 5d84ade commit c5ba3fe
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions libvncclient/rfbproto.c
Original file line number Diff line number Diff line change
Expand Up @@ -2217,6 +2217,11 @@ HandleRFBServerMessage(rfbClient* client)

msg.sct.length = rfbClientSwap32IfLE(msg.sct.length);

if (msg.sct.length > 1<<20) {
rfbClientErr("Ignoring too big cut text length sent by server: %u B > 1 MB\n", (unsigned int)msg.sct.length);
return FALSE;
}

buffer = malloc((uint64_t)msg.sct.length+1);

if (!ReadFromRFBServer(client, buffer, msg.sct.length)) {
Expand Down

0 comments on commit c5ba3fe

Please sign in to comment.