ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Mauro Matteo Cascella <mcascell@redhat.com>	2023-07-04 10:41:22 +0200
committer	Marc-André Lureau <marcandre.lureau@redhat.com>	2023-07-17 15:20:56 +0400
commit	d921fea338c1059a27ce7b75309d7a2e485f710b (patch)
tree	f239072cd590cde62cc59fa6af1db4713a5d144f /ui/console.c
parent	9c18a9234bab9d5e903f897b30fb4a37888aebfc (diff)
download	focaccia-qemu-d921fea338c1059a27ce7b75309d7a2e485f710b.tar.gz focaccia-qemu-d921fea338c1059a27ce7b75309d7a2e485f710b.zip

ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)

A wrong exit condition may lead to an infinite loop when inflating a
valid zlib buffer containing some extra bytes in the `inflate_buffer`
function. The bug only occurs post-authentication. Return the buffer
immediately if the end of the compressed data has been reached
(Z_STREAM_END).

Fixes: CVE-2023-3255
Fixes: 0bf41cab ("ui/vnc: clipboard support")
Reported-by: Kevin Denis <kevin.denis@synacktiv.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230704084210.101822-1-mcascell@redhat.com>

Diffstat (limited to 'ui/console.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: