LibVNCClient: ignore server-sent cut text longer than 1MB

This is in line with how LibVNCServer does it
(28afb6c537) and fixes part of #273.
pull/3/head
Christian Beier 6 years ago
parent 5d84ade492
commit c5ba3fee85
No known key found for this signature in database
GPG Key ID: 421BB3B45C6067F8

@ -2217,6 +2217,11 @@ HandleRFBServerMessage(rfbClient* client)
msg.sct.length = rfbClientSwap32IfLE(msg.sct.length); msg.sct.length = rfbClientSwap32IfLE(msg.sct.length);
if (msg.sct.length > 1<<20) {
rfbClientErr("Ignoring too big cut text length sent by server: %u B > 1 MB\n", (unsigned int)msg.sct.length);
return FALSE;
}
buffer = malloc((uint64_t)msg.sct.length+1); buffer = malloc((uint64_t)msg.sct.length+1);
if (!ReadFromRFBServer(client, buffer, msg.sct.length)) { if (!ReadFromRFBServer(client, buffer, msg.sct.length)) {

Loading…
Cancel
Save