diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2018-01-12 16:01:30 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2018-01-12 16:01:30 +0000 |
| commit | 7398166ddf7c6dbbc9cae6ac69bb2feda14b40ac (patch) | |
| tree | 834c30585313a68f100249b06d72bc7c229ce574 /ui/vnc-auth-sasl.c | |
| parent | a3380cf658e130be35ad36c5fc284986258781bc (diff) | |
| parent | 30b80fd5269257f55203b7072c505b4ebaab5115 (diff) | |
| download | focaccia-qemu-7398166ddf7c6dbbc9cae6ac69bb2feda14b40ac.tar.gz focaccia-qemu-7398166ddf7c6dbbc9cae6ac69bb2feda14b40ac.zip | |
Merge remote-tracking branch 'remotes/kraxel/tags/vnc-20180112-pull-request' into staging
vnc: limit memory usage (CVE-2017-15124) # gpg: Signature made Fri 12 Jan 2018 12:57:22 GMT # gpg: using RSA key 0x4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vnc-20180112-pull-request: ui: mix misleading comments & return types of VNC I/O helper methods ui: add trace events related to VNC client throttling ui: place a hard cap on VNC server output buffer size ui: fix VNC client throttling when forced update is requested ui: fix VNC client throttling when audio capture is active ui: refactor code for determining if an update should be sent to the client ui: correctly reset framebuffer update state after processing dirty regions ui: introduce enum to track VNC client framebuffer update request state ui: track how much decoded data we consumed when doing SASL encoding ui: avoid pointless VNC updates if framebuffer isn't dirty ui: remove redundant indentation in vnc_client_update ui: remove unreachable code in vnc_update_client ui: remove 'sync' parameter from vnc_update_client vnc: fix debug spelling Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'ui/vnc-auth-sasl.c')
| -rw-r--r-- | ui/vnc-auth-sasl.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c index 23f28280e7..74a5f513f2 100644 --- a/ui/vnc-auth-sasl.c +++ b/ui/vnc-auth-sasl.c @@ -48,9 +48,9 @@ void vnc_sasl_client_cleanup(VncState *vs) } -long vnc_client_write_sasl(VncState *vs) +size_t vnc_client_write_sasl(VncState *vs) { - long ret; + size_t ret; VNC_DEBUG("Write SASL: Pending output %p size %zd offset %zd " "Encoded: %p size %d offset %d\n", @@ -67,6 +67,7 @@ long vnc_client_write_sasl(VncState *vs) if (err != SASL_OK) return vnc_client_io_error(vs, -1, NULL); + vs->sasl.encodedRawLength = vs->output.offset; vs->sasl.encodedOffset = 0; } @@ -78,7 +79,12 @@ long vnc_client_write_sasl(VncState *vs) vs->sasl.encodedOffset += ret; if (vs->sasl.encodedOffset == vs->sasl.encodedLength) { - vs->output.offset = 0; + if (vs->sasl.encodedRawLength >= vs->force_update_offset) { + vs->force_update_offset = 0; + } else { + vs->force_update_offset -= vs->sasl.encodedRawLength; + } + vs->output.offset -= vs->sasl.encodedRawLength; vs->sasl.encoded = NULL; vs->sasl.encodedOffset = vs->sasl.encodedLength = 0; } @@ -100,9 +106,9 @@ long vnc_client_write_sasl(VncState *vs) } -long vnc_client_read_sasl(VncState *vs) +size_t vnc_client_read_sasl(VncState *vs) { - long ret; + size_t ret; uint8_t encoded[4096]; const char *decoded; unsigned int decodedLen; |