[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [qemu-xen-traditional stable-4.5] CVE-2014-7815: vnc: sanitize bits_per_pixel from the client



commit f37beb104956d1095d34e6e523c3e6ea9cde9f94
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Sat Feb 21 19:21:11 2015 +0000
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Tue May 10 19:04:49 2016 +0100

    CVE-2014-7815: vnc: sanitize bits_per_pixel from the client
    
    Backport of qemu-upstream:
     * e6908bfe8e07f2b452e78e677da1b45b1c0f6829
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 vnc.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/vnc.c b/vnc.c
index 48e5c46..573af3b 100644
--- a/vnc.c
+++ b/vnc.c
@@ -1616,6 +1616,16 @@ static void set_pixel_format(VncState *vs,
         return;
     }
 
+    switch (bits_per_pixel) {
+    case 8:
+    case 16:
+    case 32:
+        break;
+    default:
+        vnc_client_error(vs);
+        return;
+    }
+
     vs->clientds = vs->serverds;
     vs->clientds.pf.rmax = red_max;
     count_bits(vs->clientds.pf.rbits, red_max);
--
generated by git-patchbot for /home/xen/git/qemu-xen-traditional.git#stable-4.5

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.