ui · 31d286a615416f769b425fc34d15edef7b1434be · Anton / libtcg

Fiona Ebner authored 1 year ago

Commit d921fea3 ("ui/vnc-clipboard: fix infinite loop in
inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
required, because it can happen that stream.avail_in becomes zero
before coming across a return value of Z_STREAM_END in the loop.

This fixes the host->guest direction of the clipboard with noVNC and
TigerVNC as clients.

Fixes: d921fea3 ("ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)")
Reported-by: Friedrich Weber <f.weber@proxmox.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231122125826.228189-1-f.ebner@proxmox.com>

ebfbf394

History

ebfbf394 1 year ago

History

Name	Last commit	Last update
..
icons
shader
clipboard.c
cocoa.m
console-gl.c
console-priv.h
console-vc-stubs.c
console-vc.c
console.c
curses.c
curses_keys.h
cursor.c
cursor_hidden.xpm
cursor_left_ptr.xpm
dbus-chardev.c
dbus-clipboard.c
dbus-console.c
dbus-display1.xml
dbus-error.c
dbus-listener.c
dbus-module.c
dbus.c
dbus.h
egl-context.c
egl-headless.c
egl-helpers.c
gtk-clipboard.c
gtk-egl.c
gtk-gl-area.c
gtk.c
input-barrier.c
input-barrier.h
input-keymap.c
input-legacy.c
input-linux.c
input.c
kbd-state.c
keymaps.c
keymaps.h
meson.build
qemu-pixman.c
qemu-x509.h
qemu.desktop
sdl2-2d.c
sdl2-gl.c
sdl2-input.c
sdl2.c
shader.c
spice-app.c
spice-core.c
spice-display.c
spice-input.c
spice-module.c
trace-events
trace.h
udmabuf.c
ui-hmp-cmds.c
ui-qmp-cmds.c
util.c
vdagent.c
vgafont.h
vnc-auth-sasl.c
vnc-auth-sasl.h
vnc-auth-vencrypt.c
vnc-auth-vencrypt.h
vnc-clipboard.c
vnc-enc-hextile-template.h
vnc-enc-hextile.c
vnc-enc-tight.c
vnc-enc-tight.h
vnc-enc-zlib.c
vnc-enc-zrle.c
vnc-enc-zrle.c.inc
vnc-enc-zrle.h
vnc-enc-zywrle-template.c
vnc-enc-zywrle.h
vnc-jobs.c
vnc-jobs.h
vnc-palette.c
vnc-palette.h
vnc-stubs.c
vnc-ws.c
vnc-ws.h
vnc.c
vnc.h
vnc_keysym.h
win32-kbd-hook.c
x_keymap.c
x_keymap.h