We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 5d84ade commit c5ba3feCopy full SHA for c5ba3fe
libvncclient/rfbproto.c
@@ -2217,6 +2217,11 @@ HandleRFBServerMessage(rfbClient* client)
2217
2218
msg.sct.length = rfbClientSwap32IfLE(msg.sct.length);
2219
2220
+ if (msg.sct.length > 1<<20) {
2221
+ rfbClientErr("Ignoring too big cut text length sent by server: %u B > 1 MB\n", (unsigned int)msg.sct.length);
2222
+ return FALSE;
2223
+ }
2224
+
2225
buffer = malloc((uint64_t)msg.sct.length+1);
2226
2227
if (!ReadFromRFBServer(client, buffer, msg.sct.length)) {
0 commit comments