@@ -412,11 +412,29 @@ rfbBool ConnectToRFBRepeater(rfbClient* client,const char *repeaterHost, int rep
412412extern void rfbClientEncryptBytes (unsigned char * bytes , char * passwd );
413413extern void rfbClientEncryptBytes2 (unsigned char * where , const int length , unsigned char * key );
414414
415+ static void
416+ ReadReason (rfbClient * client )
417+ {
418+ uint32_t reasonLen ;
419+ char * reason ;
420+
421+ if (!ReadFromRFBServer (client , (char * )& reasonLen , 4 )) return ;
422+ reasonLen = rfbClientSwap32IfLE (reasonLen );
423+ if (reasonLen > 1 <<20 ) {
424+ rfbClientLog ("VNC connection failed, but sent reason length of %u exceeds limit of 1MB" ,(unsigned int )reasonLen );
425+ return ;
426+ }
427+ reason = malloc (reasonLen + 1 );
428+ if (!ReadFromRFBServer (client , reason , reasonLen )) { free (reason ); return ; }
429+ reason [reasonLen ]= 0 ;
430+ rfbClientLog ("VNC connection failed: %s\n" ,reason );
431+ free (reason );
432+ }
433+
415434rfbBool
416435rfbHandleAuthResult (rfbClient * client )
417436{
418- uint32_t authResult = 0 , reasonLen = 0 ;
419- char * reason = NULL ;
437+ uint32_t authResult = 0 ;
420438
421439 if (!ReadFromRFBServer (client , (char * )& authResult , 4 )) return FALSE;
422440
@@ -431,13 +449,7 @@ rfbHandleAuthResult(rfbClient* client)
431449 if (client -> major == 3 && client -> minor > 7 )
432450 {
433451 /* we have an error following */
434- if (!ReadFromRFBServer (client , (char * )& reasonLen , 4 )) return FALSE;
435- reasonLen = rfbClientSwap32IfLE (reasonLen );
436- reason = malloc ((uint64_t )reasonLen + 1 );
437- if (!ReadFromRFBServer (client , reason , reasonLen )) { free (reason ); return FALSE; }
438- reason [reasonLen ]= 0 ;
439- rfbClientLog ("VNC connection failed: %s\n" ,reason );
440- free (reason );
452+ ReadReason (client );
441453 return FALSE;
442454 }
443455 rfbClientLog ("VNC authentication failed\n" );
@@ -452,21 +464,6 @@ rfbHandleAuthResult(rfbClient* client)
452464 return FALSE;
453465}
454466
455- static void
456- ReadReason (rfbClient * client )
457- {
458- uint32_t reasonLen ;
459- char * reason ;
460-
461- /* we have an error following */
462- if (!ReadFromRFBServer (client , (char * )& reasonLen , 4 )) return ;
463- reasonLen = rfbClientSwap32IfLE (reasonLen );
464- reason = malloc ((uint64_t )reasonLen + 1 );
465- if (!ReadFromRFBServer (client , reason , reasonLen )) { free (reason ); return ; }
466- reason [reasonLen ]= 0 ;
467- rfbClientLog ("VNC connection failed: %s\n" ,reason );
468- free (reason );
469- }
470467
471468static rfbBool
472469ReadSupportedSecurityType (rfbClient * client , uint32_t * result , rfbBool subAuth )
0 commit comments