Skip to content
Permalink
Browse files Browse the repository at this point in the history
LibVNCClient: ignore server-sent cut text longer than 1MB
This is in line with how LibVNCServer does it
(28afb6c) and fixes part of #273.
  • Loading branch information
bk138 committed Dec 29, 2018
1 parent 5d84ade commit c5ba3fe
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions libvncclient/rfbproto.c
Expand Up @@ -2217,6 +2217,11 @@ HandleRFBServerMessage(rfbClient* client)

msg.sct.length = rfbClientSwap32IfLE(msg.sct.length);

if (msg.sct.length > 1<<20) {
rfbClientErr("Ignoring too big cut text length sent by server: %u B > 1 MB\n", (unsigned int)msg.sct.length);
return FALSE;
}

buffer = malloc((uint64_t)msg.sct.length+1);

if (!ReadFromRFBServer(client, buffer, msg.sct.length)) {
Expand Down

0 comments on commit c5ba3fe

Please sign in to comment.