dfaggioli/qemu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ec26f8052ecc7915453eebc942063021b901b8f6
qemu/ui
History
Mauro Matteo Cascella 4cfae56783 ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) 
A wrong exit condition may lead to an infinite loop when inflating a
valid zlib buffer containing some extra bytes in the `inflate_buffer`
function. The bug only occurs post-authentication. Return the buffer
immediately if the end of the compressed data has been reached
(Z_STREAM_END).

Fixes: CVE-2023-3255
Fixes: 0bf41cab ("ui/vnc: clipboard support")
Reported-by: Kevin Denis <kevin.denis@synacktiv.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230704084210.101822-1-mcascell@redhat.com>
(cherry picked from commit d921fea338)
Resolves: bsc#1213001
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
2023-07-26 15:34:39 +02:00
..
icons
configure: move directory options from config-host.mak to meson
2020-10-26 07:08:38 -04:00
keycodemapdb @ d21009b1c9
ui: update keycodemapdb submodule commit
2021-07-26 10:24:49 +02:00
shader
meson: clean up build_by_default
2020-09-30 19:09:19 +02:00
clipboard.c
ui/clipboard: fix use-after-free regression
2022-03-04 11:29:34 +01:00
cocoa.m
ui/cocoa: Take refresh rate into account
2022-07-13 00:06:02 +02:00
console-gl.c
ui/console: fix texture leak when calling surface_gl_create_texture()
2022-03-04 11:28:37 +01:00
console.c
module: add Error arguments to module_load and module_load_qom
2023-06-01 15:46:49 +02:00
curses_keys.h
curses: support wide input
2019-03-11 08:39:02 +01:00
curses.c
meson.build: Support ncurses on MacOS and OpenBSD
2021-11-19 10:18:27 +01:00
cursor_hidden.xpm
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
cursor_left_ptr.xpm
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
cursor.c
ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)
2022-04-07 12:30:54 +02:00
dbus-chardev.c
ui/dbus: add chardev backend & interface
2021-12-21 10:50:22 +04:00
dbus-clipboard.c
ui/dbus: add clipboard interface
2021-12-21 10:50:22 +04:00
dbus-console.c
ui/dbus: associate the DBusDisplayConsole listener with the given console
2022-03-14 15:16:08 +04:00
dbus-display1.xml
ui/dbus: add chardev backend & interface
2021-12-21 10:50:22 +04:00
dbus-error.c
ui: add a D-Bus display backend
2021-12-21 10:50:22 +04:00
dbus-listener.c
ui/dbus: do not send 2d scanout until gfx_update
2022-03-15 12:54:59 +04:00
dbus-module.c
ui/dbus: add p2p=on/off option
2021-12-21 10:50:22 +04:00
dbus.c
dbus-display: fix test race when initializing p2p connection
2022-07-19 14:35:00 +02:00
dbus.h
Clean up ill-advised or unusual header guards
2022-05-11 16:50:01 +02:00
egl-context.c
ui: split the GL context in a different object
2021-12-21 10:50:21 +04:00
egl-headless.c
ui/console: egl-headless is compatible with non-gl listeners
2022-03-14 15:16:05 +04:00
egl-helpers.c
ui/gtk-egl: blitting partial guest fb to the proper scanout surface
2021-11-05 12:29:44 +01:00
gtk-clipboard.c
Remove qemu-common.h include from most units
2022-04-06 14:31:55 +02:00
gtk-egl.c
ui: Deliver refresh rate via QemuUIInfo
2022-06-14 10:34:37 +02:00
gtk-gl-area.c
ui: Deliver refresh rate via QemuUIInfo
2022-06-14 10:34:37 +02:00
gtk.c
gtk: Add show_tabs=on|off command line option.
2022-07-19 14:36:42 +02:00
input-barrier.c
ui/input-barrier: Move TODOs from barrier.txt to a comment
2021-08-02 12:55:51 +01:00
input-barrier.h
ui: add an embedded Barrier client
2019-09-17 13:43:22 +02:00
input-keymap.c
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
input-legacy.c
ui/input-legacy: pass horizontal scroll information
2022-01-13 15:33:18 +01:00
input-linux.c
ui: replace qemu_set_nonblock()
2022-05-03 15:52:37 +04:00
input.c
Trivial: 3 char repeat typos
2022-06-28 11:06:02 +02:00
kbd-state.c
Include qemu/queue.h slightly less
2019-08-16 13:31:52 +02:00
keymaps.c
Remove qemu-common.h include from most units
2022-04-06 14:31:55 +02:00
keymaps.h
Include qemu-common.h exactly where needed
2019-06-12 13:20:20 +02:00
meson.build
ui: dbus-display requires CONFIG_GBM
2022-07-28 13:08:29 +02:00
qemu-pixman.c
ui/pixman: Add qemu_pixman_to_drm_format()
2021-05-27 12:07:37 +02:00
qemu-x509.h
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
qemu.desktop
ui: fix icon display for GTK frontend under GNOME Shell with Wayland
2019-01-21 09:43:13 +01:00
sdl2-2d.c
ui/console: Pass placeholder surface to displays
2021-03-04 09:35:36 +01:00
sdl2-gl.c
ui: split the GL context in a different object
2021-12-21 10:50:21 +04:00
sdl2-input.c
ui/sdl2-input: use trace-events to debug key events
2020-05-19 09:06:44 +02:00
sdl2.c
ui: Switch "-display sdl" to use the QAPI parser
2022-06-03 08:03:28 +02:00
shader.c
ui/shader: free associated programs
2022-03-14 15:16:16 +04:00
spice-app.c
ui/spice: Use HAVE_SPICE_GL for OpenGL checks
2021-07-26 10:24:49 +02:00
spice-core.c
ui: move qemu_spice_fill_device_address to ui/util.c
2021-12-21 10:50:21 +04:00
spice-display.c
ui/console: move dcl compatiblity check to a callback
2022-03-14 15:16:01 +04:00
spice-input.c
spice: move add_interface() to QemuSpiceOps.
2020-10-21 15:46:14 +02:00
spice-module.c
spice: wire up monitor in QemuSpiceOps.
2020-10-21 15:46:14 +02:00
trace-events
ui/gtk-gl-area: create the requested GL context version
2022-06-14 10:34:36 +02:00
trace.h
trace: switch position of headers to what Meson requires
2020-08-21 06:18:24 -04:00
udmabuf.c
ui/console: Restrict udmabuf_fd() to Linux
2021-08-31 14:31:43 +02:00
util.c
ui: move qemu_spice_fill_device_address to ui/util.c
2021-12-21 10:50:21 +04:00
vdagent.c
trivial: Fix duplicated words
2022-08-01 11:58:02 +02:00
vgafont.h
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
vnc_keysym.h
ui: add next and prior keysyms
2017-07-27 14:23:09 +02:00
vnc-auth-sasl.c
vnc: avoid deprecation warnings for SASL on OS X
2021-06-15 17:17:09 +02:00
vnc-auth-sasl.h
vnc: avoid deprecation warnings for SASL on OS X
2021-06-15 17:17:09 +02:00
vnc-auth-vencrypt.c
vnc: fix resource leak when websocket channel error
2020-11-04 08:25:17 +01:00
vnc-auth-vencrypt.h
Clean up ill-advised or unusual header guards
2016-07-12 16:20:46 +02:00
vnc-clipboard.c
ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
2023-07-26 15:34:39 +02:00
vnc-enc-hextile-template.h
ui: vnc: finish removing TABs
2019-02-05 16:50:18 +01:00
vnc-enc-hextile.c
ui: Clean up includes
2016-02-04 17:01:04 +00:00
vnc-enc-tight.c
Replacing CONFIG_VNC_PNG with CONFIG_PNG
2022-04-27 07:50:28 +02:00
vnc-enc-tight.h
Clean up header guards that don't match their file name
2016-07-12 16:19:16 +02:00
vnc-enc-zlib.c
vnc: fix memory leak when vnc disconnect
2019-09-17 13:45:10 +02:00
vnc-enc-zrle.c
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
vnc-enc-zrle.c.inc
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
vnc-enc-zrle.h
Clean up header guards that don't match their file name
2016-07-12 16:19:16 +02:00
vnc-enc-zywrle-template.c
avoid TABs in files that only contain a few
2019-01-11 15:46:56 +01:00
vnc-enc-zywrle.h
ui: vnc: finish removing TABs
2019-02-05 16:50:18 +01:00
vnc-jobs.c
ui: avoid sending framebuffer updates outside client desktop bounds
2021-03-15 17:37:50 +01:00
vnc-jobs.h
ui/vnc: Drop unused vnc_has_job() and vnc_jobs_clear()
2017-02-08 14:59:36 +01:00
vnc-palette.c
all: Remove unnecessary glib.h includes
2016-06-07 18:19:24 +03:00
vnc-palette.h
Include qapi/qmp/qlist.h exactly where needed
2018-02-09 13:52:15 +01:00
vnc-stubs.c
vnc: support "-vnc help"
2021-01-23 15:55:07 -05:00
vnc-ws.c
vnc: fix resource leak when websocket channel error
2020-11-04 08:25:17 +01:00
vnc-ws.h
Clean up ill-advised or unusual header guards
2016-07-12 16:20:46 +02:00
vnc.c
ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext
2023-06-01 15:46:50 +02:00
vnc.h
Replacing CONFIG_VNC_PNG with CONFIG_PNG
2022-04-27 07:50:28 +02:00
win32-kbd-hook.c
ui/win32-kbd-hook: handle AltGr in a hook procedure
2020-05-19 09:06:44 +02:00
x_keymap.c
ui: Fix memory leak in qemu_xkeymap_mapping_table()
2021-05-02 17:24:50 +02:00
x_keymap.h
ui: convert GTK and SDL1 frontends to keycodemapdb
2018-01-25 15:02:00 +01:00