qemu-stable

Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer


From: Fiona Ebner
Subject: Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer
Date: Wed, 22 Nov 2023 14:25:16 +0100
User-agent: Mozilla Thunderbird

On 22.11.23 at 14:06, Marc-André Lureau wrote:
> Hi
> 
> On Wed, Nov 22, 2023 at 5:00 PM Fiona Ebner <f.ebner@proxmox.com> wrote:
>>
>> Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
>> inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
>> required, because it can happen that stream.avail_in becomes zero
>> before coming across a return value of Z_STREAM_END in the loop.
> 
> Isn't this an error from the client side then?
> 

In my test just now I get Z_BUF_ERROR twice and after the second one,
stream.avail_in is zero. Maybe if you'd call inflate() again, you'd get
Z_STREAM_END, but no such call is made, because we exit the loop.

Would it be better/more correct to ensure that inflate is called again
in such a scenario?

Best Regards,
Fiona



