dfaggioli/qemu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
92c89f9f7adb5bd35ff1df42f2bddda63ea3762a
qemu/ui
History
Mauro Matteo Cascella 91ac080c99 ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) 
A wrong exit condition may lead to an infinite loop when inflating a
valid zlib buffer containing some extra bytes in the `inflate_buffer`
function. The bug only occurs post-authentication. Return the buffer
immediately if the end of the compressed data has been reached
(Z_STREAM_END).

Fixes: CVE-2023-3255
Fixes: 0bf41cab ("ui/vnc: clipboard support")
Reported-by: Kevin Denis <kevin.denis@synacktiv.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230704084210.101822-1-mcascell@redhat.com>
(cherry picked from commit d921fea338)
Resolves: bsc#1213001
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
2023-07-31 19:20:26 +02:00
..
icons
configure: move directory options from config-host.mak to meson
2020-10-26 07:08:38 -04:00
keycodemapdb @ d21009b1c9
ui: update keycodemapdb submodule commit
2021-07-26 10:24:49 +02:00
shader
meson: clean up build_by_default
2020-09-30 19:09:19 +02:00
clipboard.c
ui/clipboard: release owned grabs on unregister
2021-08-31 17:25:14 +04:00
cocoa.m
ui/cocoa: Fix the type of main's argv
2021-07-26 10:24:49 +02:00
console-gl.c
opengl: Do not convert format with glTexImage2D on OpenGL ES
2021-03-15 17:37:49 +01:00
console.c
ui/console: remove chardev frontend connected test
2021-11-02 17:24:18 +01:00
curses_keys.h
curses: support wide input
2019-03-11 08:39:02 +01:00
curses.c
meson.build: Support ncurses on MacOS and OpenBSD
2021-11-19 10:18:27 +01:00
cursor_hidden.xpm
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
cursor_left_ptr.xpm
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
cursor.c
ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)
2023-07-31 19:20:26 +02:00
egl-context.c
ui: remove gl_ctx_get_current
2021-02-04 15:58:54 +01:00
egl-headless.c
ui/egl-headless: Remove a check for CONFIG_OPENGL
2021-07-26 10:24:49 +02:00
egl-helpers.c
ui/gtk-egl: blitting partial guest fb to the proper scanout surface
2021-11-05 12:29:44 +01:00
gtk-clipboard.c
ui/gtk-clipboard: emit release clipboard events
2021-08-31 17:25:14 +04:00
gtk-egl.c
ui/gtk-egl: Fix build failure when libgbm is not available
2021-11-08 12:20:13 +01:00
gtk-gl-area.c
ui: fix incorrect scaling on highdpi with gtk/opengl
2021-11-22 11:13:12 +01:00
gtk.c
ui/gtk: graphic_hw_gl_flushed after closing dmabuf->fence_fd
2021-11-22 11:14:28 +01:00
input-barrier.c
ui/input-barrier: Move TODOs from barrier.txt to a comment
2021-08-02 12:55:51 +01:00
input-barrier.h
ui: add an embedded Barrier client
2019-09-17 13:43:22 +02:00
input-keymap.c
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
input-legacy.c
Clean up inclusion of sysemu/sysemu.h
2019-08-16 13:31:53 +02:00
input-linux.c
Merge remote-tracking branch 'remotes/ehabkost/tags/machine-next-pull-request' into staging
2020-10-15 16:35:06 +01:00
input.c
qapi: Use QAPI_LIST_PREPEND() where possible
2020-12-19 10:20:14 +01:00
kbd-state.c
Include qemu/queue.h slightly less
2019-08-16 13:31:52 +02:00
keymaps.c
vl: extract softmmu/datadir.c
2020-12-10 12:15:18 -05:00
keymaps.h
Include qemu-common.h exactly where needed
2019-06-12 13:20:20 +02:00
meson.build
configure, meson: move Spice configure handling to meson
2021-10-14 09:50:57 +02:00
qemu-pixman.c
ui/pixman: Add qemu_pixman_to_drm_format()
2021-05-27 12:07:37 +02:00
qemu-x509.h
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
qemu.desktop
ui: fix icon display for GTK frontend under GNOME Shell with Wayland
2019-01-21 09:43:13 +01:00
sdl2-2d.c
ui/console: Pass placeholder surface to displays
2021-03-04 09:35:36 +01:00
sdl2-gl.c
ui/console: Pass placeholder surface to displays
2021-03-04 09:35:36 +01:00
sdl2-input.c
ui/sdl2-input: use trace-events to debug key events
2020-05-19 09:06:44 +02:00
sdl2.c
ui/sdl2: Check return value from g_setenv()
2021-08-10 10:56:39 +02:00
shader.c
meson: convert ui directory to Meson
2020-08-21 06:30:21 -04:00
spice-app.c
ui/spice: Use HAVE_SPICE_GL for OpenGL checks
2021-07-26 10:24:49 +02:00
spice-core.c
error: Use error_fatal to simplify obvious fatal errors (again)
2021-08-26 17:15:28 +02:00
spice-display.c
ui/spice-display: check NULL pointer in interface_release_resource()
2021-05-21 09:42:44 +02:00
spice-input.c
spice: move add_interface() to QemuSpiceOps.
2020-10-21 15:46:14 +02:00
spice-module.c
spice: wire up monitor in QemuSpiceOps.
2020-10-21 15:46:14 +02:00
trace-events
ui/vdagent: send empty clipboard when unhandled
2021-08-31 17:25:14 +04:00
trace.h
trace: switch position of headers to what Meson requires
2020-08-21 06:18:24 -04:00
udmabuf.c
ui/console: Restrict udmabuf_fd() to Linux
2021-08-31 14:31:43 +02:00
vdagent.c
ui/vdagent: add a migration blocker
2021-08-31 17:25:14 +04:00
vgafont.h
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
vnc_keysym.h
ui: add next and prior keysyms
2017-07-27 14:23:09 +02:00
vnc-auth-sasl.c
vnc: avoid deprecation warnings for SASL on OS X
2021-06-15 17:17:09 +02:00
vnc-auth-sasl.h
vnc: avoid deprecation warnings for SASL on OS X
2021-06-15 17:17:09 +02:00
vnc-auth-vencrypt.c
vnc: fix resource leak when websocket channel error
2020-11-04 08:25:17 +01:00
vnc-auth-vencrypt.h
Clean up ill-advised or unusual header guards
2016-07-12 16:20:46 +02:00
vnc-clipboard.c
ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
2023-07-31 19:20:26 +02:00
vnc-enc-hextile-template.h
ui: vnc: finish removing TABs
2019-02-05 16:50:18 +01:00
vnc-enc-hextile.c
ui: Clean up includes
2016-02-04 17:01:04 +00:00
vnc-enc-tight.c
vnc: Remove the superfluous break
2020-09-01 08:36:53 +02:00
vnc-enc-tight.h
Clean up header guards that don't match their file name
2016-07-12 16:19:16 +02:00
vnc-enc-zlib.c
vnc: fix memory leak when vnc disconnect
2019-09-17 13:45:10 +02:00
vnc-enc-zrle.c
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
vnc-enc-zrle.c.inc
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
vnc-enc-zrle.h
Clean up header guards that don't match their file name
2016-07-12 16:19:16 +02:00
vnc-enc-zywrle-template.c
avoid TABs in files that only contain a few
2019-01-11 15:46:56 +01:00
vnc-enc-zywrle.h
ui: vnc: finish removing TABs
2019-02-05 16:50:18 +01:00
vnc-jobs.c
ui: avoid sending framebuffer updates outside client desktop bounds
2021-03-15 17:37:50 +01:00
vnc-jobs.h
ui/vnc: Drop unused vnc_has_job() and vnc_jobs_clear()
2017-02-08 14:59:36 +01:00
vnc-palette.c
all: Remove unnecessary glib.h includes
2016-06-07 18:19:24 +03:00
vnc-palette.h
Include qapi/qmp/qlist.h exactly where needed
2018-02-09 13:52:15 +01:00
vnc-stubs.c
vnc: support "-vnc help"
2021-01-23 15:55:07 -05:00
vnc-ws.c
vnc: fix resource leak when websocket channel error
2020-11-04 08:25:17 +01:00
vnc-ws.h
Clean up ill-advised or unusual header guards
2016-07-12 16:20:46 +02:00
vnc.c
ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext
2023-07-31 19:20:26 +02:00
vnc.h
ui/vnc: clipboard support
2021-05-21 09:42:44 +02:00
win32-kbd-hook.c
ui/win32-kbd-hook: handle AltGr in a hook procedure
2020-05-19 09:06:44 +02:00
x_keymap.c
ui: Fix memory leak in qemu_xkeymap_mapping_table()
2021-05-02 17:24:50 +02:00
x_keymap.h
ui: convert GTK and SDL1 frontends to keycodemapdb
2018-01-25 15:02:00 +01:00