
Commit c5ba3fe

committed
LibVNCClient: ignore server-sent cut text longer than 1MB
This is in line with how LibVNCServer does it (28afb6c) and fixes part of #273.
1 parent 5d84ade commit c5ba3fe


1 file changed

+5
-0
lines changed


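--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -2217,6 +2217,11 @@ HandleRFBServerMessage(rfbClient* client)
 
 msg.sct.length = rfbClientSwap32IfLE(msg.sct.length);
 
+if (msg.sct.length > 1<<20) {
+rfbClientErr("Ignoring too big cut text length sent by server: %u B > 1 MB\n", (unsigned int)msg.sct.length);
+return FALSE;
+}
+
 buffer = malloc((uint64_t)msg.sct.length+1);
 
 if (!ReadFromRFBServer(client, buffer, msg.sct.length)) {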
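Review bot: The `malloc` result just below the new length check is still handed to `ReadFromRFBServer` with no NULL test in between; the cap bounds the request to 1 MB + 1, but a failed allocation would still pass a null pointer into the read. Adding `if (!buffer) { rfbClientErr("Could not allocate %u B for server cut text\n", (unsigned int)msg.sct.length); return FALSE; }` directly after the allocation would close that. Separately, the new branch logs "Ignoring" yet returns FALSE without consuming the announced payload, so the session presumably ends rather than continuing past the message; a comment such as `/* oversized cut text: fail the message rather than read or skip the payload */` would make the intent explicit. HandleRFBServerMessage starts and ends outside this hunk, so how the caller treats FALSE is not visible here.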
