LibVNCClient: ignore server-sent cut text longer than 1MB

This is in line with how LibVNCServer does it (28afb6c537dc82ba04d5f245b15ca7205c6dbb9c) and fixes part of #273.
author: Christian Beier <dontmind@freeshell.org> 2018-12-29 14:16:58 +0100
committer: Christian Beier <dontmind@freeshell.org> 2018-12-29 14:16:58 +0100
commit: c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a (patch)
tree: dcdef62bb09272feef686d8669d0a27fa2cccc67
parent: 5d84ade49223b7f8f7667152677e8642b4608c57 (diff)
download: libtdevnc-c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a.tar.gz
libtdevnc-c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
index 4541e0d..8792dbf 100644
--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -2217,6 +2217,11 @@ HandleRFBServerMessage(rfbClient* client)
 
     msg.sct.length = rfbClientSwap32IfLE(msg.sct.length);
 
+    if (msg.sct.length > 1<<20) {
+	    rfbClientErr("Ignoring too big cut text length sent by server: %u B > 1 MB\n", (unsigned int)msg.sct.length);
+	    return FALSE;
+    }  
+
     buffer = malloc((uint64_t)msg.sct.length+1);
 
     if (!ReadFromRFBServer(client, buffer, msg.sct.length)) {
author	Christian Beier <dontmind@freeshell.org>	2018-12-29 14:16:58 +0100
committer	Christian Beier <dontmind@freeshell.org>	2018-12-29 14:16:58 +0100
commit	c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a (patch)
tree	dcdef62bb09272feef686d8669d0a27fa2cccc67
parent	5d84ade49223b7f8f7667152677e8642b4608c57 (diff)
download	libtdevnc-c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a.tar.gz libtdevnc-c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a.zip