From: GitHub
Subject: [Qemu-commits] [qemu/qemu] e6908b: vnc: sanitize bits_per_pixel from the client
Date: Thu, 30 Oct 2014 12:30:05 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: e6908bfe8e07f2b452e78e677da1b45b1c0f6829
      
https://github.com/qemu/qemu/commit/e6908bfe8e07f2b452e78e677da1b45b1c0f6829
  Author: Petr Matousek <address@hidden>
  Date:   2014-10-28 (Tue, 28 Oct 2014)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  vnc: sanitize bits_per_pixel from the client

bits_per_pixel that are less than 8 could result in accessing
non-initialized buffers later in the code due to the expectation
that bytes_per_pixel value that is used to initialize these buffers is
never zero.

To fix this, check that bits_per_pixel from the client is one of the
values that the rfb protocol specification allows.

This is CVE-2014-7815.

Signed-off-by: Petr Matousek <address@hidden>

[ kraxel: apply codestyle fix ]

Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 9d6b20704734fe1ab789400806ebd54f579d50a2
      
https://github.com/qemu/qemu/commit/9d6b20704734fe1ab789400806ebd54f579d50a2
  Author: ChenLiang <address@hidden>
  Date:   2014-10-28 (Tue, 28 Oct 2014)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  vnc: return directly if no vnc client connected

graphic_hw_update and vnc_refresh_server_surface don't
need to be called when no vnc client is connected. This can reduce
lock contention, because vnc_refresh will hold the global big
lock for two milliseconds every three seconds.

Signed-off-by: ChenLiang <address@hidden>
Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: fecd54ccd79c647d7161878c92eba9bf37a4279d
      
https://github.com/qemu/qemu/commit/fecd54ccd79c647d7161878c92eba9bf37a4279d
  Author: Peter Maydell <address@hidden>
  Date:   2014-10-30 (Thu, 30 Oct 2014)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/pull-vnc-20141028-1' into staging

vnc: return directly if no vnc client connected
vnc: sanitize bits_per_pixel from the client (CVE-2014-7815)

# gpg: Signature made Tue 28 Oct 2014 10:52:31 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"

* remotes/kraxel/tags/pull-vnc-20141028-1:
  vnc: return directly if no vnc client connected
  vnc: sanitize bits_per_pixel from the client

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/f33f43bd86be...fecd54ccd79c
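
The check described in commit e6908b (CVE-2014-7815), as an added example that is not QEMU's code or part of the original message: a parser for the 20-byte RFB SetPixelFormat message that rejects any bits_per_pixel other than 8, 16 or 32 before bytes_per_pixel is derived. The struct, the function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PIXEL_FORMAT fields of an RFB SetPixelFormat message (hypothetical struct). */
struct pixel_format {
    uint8_t bits_per_pixel, depth, big_endian, true_colour;
    uint16_t red_max, green_max, blue_max;
    uint8_t red_shift, green_shift, blue_shift;
    int bytes_per_pixel; /* derived: bits_per_pixel / 8, must never be 0 */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Layout: type (0), 3 padding bytes, 16-byte PIXEL_FORMAT.
 * Returns 0 on success, -1 if the message is rejected. */
int parse_set_pixel_format(const uint8_t *msg, size_t len, struct pixel_format *pf)
{
    if (len < 20 || msg[0] != 0) {
        return -1;
    }
    /* The RFB specification allows only 8, 16 or 32. Any value below 8
     * would make bytes_per_pixel 0 through the integer division below. */
    switch (msg[4]) {
    case 8: case 16: case 32:
        break;
    default:
        return -1;
    }
    pf->bits_per_pixel = msg[4];
    pf->depth = msg[5];
    pf->big_endian = msg[6];
    pf->true_colour = msg[7];
    pf->red_max = be16(msg + 8);
    pf->green_max = be16(msg + 10);
    pf->blue_max = be16(msg + 12);
    pf->red_shift = msg[14];
    pf->green_shift = msg[15];
    pf->blue_shift = msg[16];
    pf->bytes_per_pixel = pf->bits_per_pixel / 8;
    return 0;
}

int main(void)
{
    uint8_t bad[20] = {0, 0, 0, 0, 1, 1, 0, 1}; /* constructed: bits_per_pixel = 1 */
    struct pixel_format pf;
    printf("bits_per_pixel=1 -> %d\n", parse_set_pixel_format(bad, sizeof(bad), &pf));
    return 0;
}
```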
