Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | rfbserver: get rid of inttypes.h again | Christian Beier | 2018-03-24 | 1 | -4/+1 |
| | |||||
* | Limit client cut text length to 1 MB | Petr Písař | 2018-03-08 | 1 | -1/+19 |
| | | | | | | | | | | | | | | | | This patch constrains a client cut text length to 1 MB. Otherwise a client could make server allocate 2 GB of memory and that seems to be to much to classify it as a denial of service. The limit also prevents from an integer overflow followed by copying an uninitilized memory when processing msg.cct.length value larger than SIZE_MAX or INT_MAX - sz_rfbClientCutTextMsg. This patch also corrects accepting length value of zero (malloc(0) is interpreted on differnet systems differently). CVE-2018-7225 <https://github.com/LibVNC/libvncserver/issues/218> | ||||
* | fix: the function should not return a value | Wu Zongyong | 2017-06-25 | 1 | -1/+1 |
| | |||||
* | Fixed compilation of websockets on system where there is no implementation ↵ | Jocelyn Le Sage | 2017-06-13 | 3 | -8/+6 |
| | | | | of base64 functions. | ||||
* | Merge pull request #158 from kempniu/gtk-vnc-0.7.0-compat | Christian Beier | 2017-05-15 | 1 | -1/+4 |
|\ | | | | | websockets: Ensure compatibility with gtk-vnc 0.7.0+ | ||||
| * | Ensure compatibility with gtk-vnc 0.7.0+ | Michał Kępień | 2017-02-14 | 1 | -1/+4 |
| | | |||||
* | | websockets: hide decode debug output per default | Christian Beier | 2017-05-15 | 1 | -32/+41 |
| | | |||||
* | | websockets: restore webSocketCheckDisconnect() to keep API compatibility | Christian Beier | 2017-05-14 | 1 | -0/+11 |
| | | |||||
* | | remove potential 64 bit len overflow calculation | Andreas Weigel | 2017-05-14 | 2 | -38/+31 |
| | | |||||
* | | add decode support for continuation frames | Andreas Weigel | 2017-05-14 | 3 | -46/+126 |
| | | | | | | | | | | | | use FIN bit and implement opcode 0x00 make consistent use of uint64_t for big frame sizes | ||||
* | | remove Hixie-specific MD5 and check functions | Andreas Weigel | 2017-05-14 | 2 | -68/+0 |
| | | |||||
* | | add generation wstest to cmake | Andreas Weigel | 2017-05-14 | 2 | -25/+26 |
| | | | | | | | | | | | | | | | | | | add wstestdata.c, because the python data generation script has too many dependencies remove some redundance from jpeg test creation add support for decoding close messages | ||||
* | | add ws_decode tests | Andreas Weigel | 2017-05-14 | 3 | -41/+41 |
| | | | | | | | | | | | | | | | | | | modify automake to include ws_decode test add python frame generator for decode tests modify configure to only include ws_decode test if preconditions are fulfilled | ||||
* | | remove obsolete hixie protocol support | Andreas Weigel | 2017-05-14 | 1 | -246/+51 |
| | | |||||
* | | factor out hybi decode part to make it testable | Andreas Weigel | 2017-05-14 | 3 | -580/+631 |
| | | | | | | | | | | remove direct dependency on rfbClientPtr structure in hybi decode function(s) | ||||
* | | fix overflow and refactor websockets decode (Hybi) | Andreas Weigel | 2017-05-14 | 1 | -132/+463 |
| | | | | | | | | | | | | | | | | | | | | | | fix critical heap-based buffer overflow which allowed easy modification of a return address via an overwritten function pointer fix bug causing connections to fail due a "one websocket frame = one ws_read" assumption, which failed with LibVNCServer-0.9.11 refactor websocket Hybi decode to use a simple state machine for decoding of websocket frames | ||||
* | | font: Fix a small resource leak in a failure case in rfbLoadConsoleFont() | Lioncash | 2017-05-10 | 1 | -0/+1 |
| | | | | | | | | The file handle wouldn't be closed in this instance. | ||||
* | | rfbInitServer: only init Winsock once | Christian Beier | 2017-02-21 | 1 | -1/+9 |
| | | |||||
* | | Add an rfbLogPError that shows something on WIN32 | Christian Beier | 2017-02-21 | 1 | -0/+9 |
| | | |||||
* | | Merge pull request #156 from The-42/drop-autotools | Christian Beier | 2017-02-21 | 1 | -80/+0 |
|\ \ | | | | | | | drop autotools | ||||
| * | | drop autotools | Bert van Hall | 2017-02-13 | 1 | -80/+0 |
| |/ | | | | | | | | | | | | | | | Since autotools officially is no longer supported (see various github issues), drop the related infrastructure to stop tempting people to use it for building. Signed-off-by: Bert van Hall <bert.vanhall@gmx.de> | ||||
* | | Fix building in C89 mode | Christian Beier | 2017-02-20 | 1 | -1/+12 |
|/ | | | | FIXME: this should probably be refactored into a common header. | ||||
* | Fix building websockets with GnuTLS. | Christian Beier | 2017-01-28 | 1 | -3/+3 |
| | |||||
* | Fix typo | Christian Beier | 2017-01-28 | 1 | -1/+1 |
| | |||||
* | Fix websockets building | Christian Beier | 2017-01-28 | 1 | -0/+2 |
| | |||||
* | Various #ifdef fixes to allow building with MSVC2014 | Christian Beier | 2017-01-28 | 6 | -3/+27 |
| | |||||
* | Make websockets code build on OSX without SSL. | Christian Beier | 2016-12-30 | 1 | -0/+13 |
| | |||||
* | Use unprefixed b64_* functions in websockets code. | Christian Beier | 2016-12-30 | 1 | -5/+5 |
| | |||||
* | LibVNCServer: fix starting of an onHold-client in threaded mode. | Christian Beier | 2016-12-28 | 1 | -9/+6 |
| | | | | | | | | Discovered by madscientist159 on 11 Jan 2015: "noted in testing with the threaded server build, whereby if newClientHook() returned RFB_CLIENT_ON_HOLD there was no way to release the hold when the server became ready" | ||||
* | websockets: Don't supply Sec-WebSocket-Protocol if not in request | Kyle Russell | 2016-12-08 | 1 | -2/+11 |
| | |||||
* | Write the correct length for end of header | Samuel Mannehed | 2016-12-02 | 1 | -1/+1 |
| | | | | Fix for commit 65106d39627499ace4f1ed8701d3ab6c7f97f56f | ||||
* | httpd: rework mime type handling to recognise more types | Christian Beier | 2016-11-25 | 1 | -7/+13 |
| | |||||
* | Merge pull request #128 from zmedico/autoprobe-selective | Christian Beier | 2016-11-20 | 1 | -7/+9 |
|\ | | | | | Support autoPort with ipv4 or ipv6 disabled | ||||
| * | Support autoPort with ipv4 or ipv6 disabled | Zac Medico | 2016-08-14 | 1 | -7/+9 |
| | | | | | | | | | | | | | | | | | | Make it possible to get autoPort behavior with either ipv4 or ipv6 disabled, by setting rfbScreen->ipv6port or rfbScreen->port to a negative number. This will make it possible for x11vnc to enforce its -noipv6 option, as discussed in the following bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672449 | ||||
* | | Fix some typos (found by codespell) | Stefan Weil | 2016-11-18 | 1 | -1/+1 |
| | | | | | | | | Signed-off-by: Stefan Weil <sw@weilnetz.de> | ||||
* | | Support systemd socket activation | Kyle Russell | 2016-09-21 | 2 | -44/+74 |
|/ | |||||
* | Merge pull request #84 from plettix/master | Christian Beier | 2016-06-05 | 1 | -15/+17 |
|\ | | | | | fix for issue 81 | ||||
| * | fix for issue 81 | plettix | 2015-07-07 | 1 | -15/+17 |
| | | | | | | use different buffers for decode and encode | ||||
* | | Avoid calling SSL_pending when connection is already closed | George Fleury | 2016-05-13 | 1 | -1/+1 |
| | | | | | | | | Avoid calling SSL_pending when connection is already closed, calling SSL_pending with connection already closed is crashing. To reproduce, open a secure websocket binay protocol connection with libvncserver compiled with OpenSSL, and when libvncserver is waiting for rfbProcessClientProtocolVersion send any invalid char, it will fail and call rfbCloseClient whith destroy all SSL context, calling SSL_pending after that will generate a invalid access. | ||||
* | | Merge pull request #103 from rdieter/master | Christian Beier | 2016-04-24 | 3 | -6/+6 |
|\ \ | | | | | | | use namespaced vnc_max macro (issue #102) | ||||
| * | | use namespaced rfbMax macro (issue #102) | Rex Dieter | 2016-04-18 | 3 | -6/+6 |
| | | | | | | | | | | | | Not using generic 'max', avoids conflicts with stl_algobase.h | ||||
* | | | Enable AF_UNIX socket: ignore setsockopt TCP_NODELAY failure. | Wen Shuguang | 2016-04-15 | 2 | -11/+4 |
|/ / | |||||
* | | Fix some typos (found by codespell) | Stefan Weil | 2015-10-09 | 10 | -12/+12 |
|/ | | | | Signed-off-by: Stefan Weil <sw@weilnetz.de> | ||||
* | Do away with rfbint.h generation and use stdint.h directly instead. | Christian Beier | 2015-05-28 | 1 | -2/+1 |
| | |||||
* | Merge pull request #70 from maxnet/master | Christian Beier | 2015-04-17 | 1 | -0/+8 |
|\ | | | | | httpd: disallow directory traversal | ||||
| * | httpd: disallow directory traversal | Floris Bos | 2015-03-29 | 1 | -0/+8 |
| | | | | | | | | Signed-off-by: Floris Bos <bos@je-eigen-domein.nl> | ||||
* | | Changed C++ style comments to C ones | Benjamin Dürholt | 2015-04-13 | 2 | -2/+2 |
| | | |||||
* | | prevent segfault | Benjamin Dürholt | 2015-04-10 | 2 | -1/+7 |
| | | |||||
* | | Set autotools SOVERSION. | Peter Spiess-Knafl | 2015-02-09 | 1 | -0/+1 |
| | | |||||
* | | Replace SHA1 implementation with the one from RFC 6234. | Christian Beier | 2015-02-01 | 2 | -2/+2 |
| | |