[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer
From: |
Fiona Ebner |
Subject: |
Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer |
Date: |
Wed, 22 Nov 2023 14:25:16 +0100 |
User-agent: |
Mozilla Thunderbird |
Am 22.11.23 um 14:06 schrieb Marc-André Lureau:
> Hi
>
> On Wed, Nov 22, 2023 at 5:00 PM Fiona Ebner <f.ebner@proxmox.com> wrote:
>>
>> Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
>> inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
>> required, because it can happen that stream.avail_in becomes zero
>> before coming across a return value of Z_STREAM_END in the loop.
>
> Isn't this an error from the client side then?
>
In my test just now I get Z_BUF_ERROR twice and after the second one,
stream.avail_in is zero. Maybe if you'd call inflate() again, you'd get
Z_STREAM_END, but no such call is made, because we exit the loop.
Would it be better/more correct to ensure that inflate is called again
in such a scenario?
Best Regards,
Fiona
- [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer, Fiona Ebner, 2023/11/22
- Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer, Marc-André Lureau, 2023/11/22
- Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer,
Fiona Ebner <=
- Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer, Marc-André Lureau, 2023/11/23
- Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer, Fiona Ebner, 2023/11/23
- Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer, Marc-André Lureau, 2023/11/27
- Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer, Fiona Ebner, 2023/11/27
- Re: [PATCH for-8.2] ui/vnc-clipboard: fix inflate_buffer, Marc-André Lureau, 2023/11/28