qemu/ui
Mauro Matteo Cascella 8f8a8f20f4 ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
A wrong exit condition may lead to an infinite loop when inflating a
valid zlib buffer containing some extra bytes in the `inflate_buffer`
function. The bug only occurs post-authentication. Return the buffer
immediately if the end of the compressed data has been reached
(Z_STREAM_END).

Fixes: CVE-2023-3255
Fixes: 0bf41cab ("ui/vnc: clipboard support")
Reported-by: Kevin Denis <kevin.denis@synacktiv.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230704084210.101822-1-mcascell@redhat.com>
(cherry picked from commit d921fea338)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-07-18 09:50:19 +03:00
icons
keycodemapdb@d21009b1c9
shader
clipboard.c ui/clipboard: reset the serial state on reset 2022-09-23 14:38:27 +02:00
cocoa.m ui/cocoa: Run qemu_init in the main thread 2022-09-23 14:36:33 +02:00
console-gl.c
console.c ui: Fix pixel colour channel order for PNG screenshots 2023-05-18 21:09:59 +03:00
curses_keys.h
curses.c
cursor_hidden.xpm
cursor_left_ptr.xpm
cursor.c
dbus-chardev.c
dbus-clipboard.c
dbus-console.c
dbus-display1.xml
dbus-error.c
dbus-listener.c
dbus-module.c
dbus.c
dbus.h ui: fix path to dbus-display1.h 2022-09-29 18:23:51 +02:00
egl-context.c
egl-headless.c
egl-helpers.c
gtk-clipboard.c
gtk-egl.c ui/gtk: set the area of the scanout texture correctly 2023-07-02 07:49:18 +03:00
gtk-gl-area.c ui/gtk: set the area of the scanout texture correctly 2023-07-02 07:49:18 +03:00
gtk.c ui/gtk: use widget size for cursor motion event 2023-05-31 09:43:56 +03:00
input-barrier.c
input-barrier.h
input-keymap.c
input-legacy.c
input-linux.c
input.c
kbd-state.c
keymaps.c
keymaps.h
meson.build gtk: disable GTK Clipboard with a new meson option 2022-11-23 12:15:06 +01:00
qemu-pixman.c
qemu-x509.h
qemu.desktop
sdl2-2d.c
sdl2-gl.c ui/sdl2: fix surface_gl_update_texture: Assertion 'gls' failed 2023-05-31 09:43:56 +03:00
sdl2-input.c
sdl2.c ui/sdl2: disable SDL_HINT_GRAB_KEYBOARD on Windows 2023-05-31 09:43:56 +03:00
shader.c
spice-app.c
spice-core.c
spice-display.c
spice-input.c
spice-module.c
trace-events ui: add some vdagent related traces 2022-09-23 14:38:23 +02:00
trace.h
udmabuf.c
util.c
vdagent.c ui/vdagent: fix serial reset of guest agent 2022-09-23 14:38:27 +02:00
vgafont.h ui: fix tab indentation 2022-11-08 10:23:06 +01:00
vnc_keysym.h ui: fix tab indentation 2022-11-08 10:23:06 +01:00
vnc-auth-sasl.c
vnc-auth-sasl.h
vnc-auth-vencrypt.c
vnc-auth-vencrypt.h
vnc-clipboard.c ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) 2023-07-18 09:50:19 +03:00
vnc-enc-hextile-template.h
vnc-enc-hextile.c Drop useless casts from g_malloc() & friends to pointer 2022-10-22 23:15:40 +02:00
vnc-enc-tight.c
vnc-enc-tight.h
vnc-enc-zlib.c
vnc-enc-zrle.c
vnc-enc-zrle.c.inc
vnc-enc-zrle.h
vnc-enc-zywrle-template.c ui: fix tab indentation 2022-11-08 10:23:06 +01:00
vnc-enc-zywrle.h ui: fix tab indentation 2022-11-08 10:23:06 +01:00
vnc-jobs.c vnc: move assert in vnc_worker_thread_loop 2023-06-11 11:03:26 +03:00
vnc-jobs.h
vnc-palette.c
vnc-palette.h
vnc-stubs.c
vnc-ws.c
vnc-ws.h
vnc.c vnc: avoid underflow when accessing user-provided address 2023-04-27 08:52:57 +03:00
vnc.h
win32-kbd-hook.c
x_keymap.c
x_keymap.h