Fixes (maybe amongst others) the following oCERT report ([oCERT-2014-008]):
LibVNCServer HandleRFBServerMessage rfbServerCutText malicious msg.sct.length
It looks like there may be a chance for potential memory corruption when a LibVNCServer client attempts to process a Server Cut Text message.
case rfbServerCutText:
{
char *buffer;
if (!ReadFromRFBServer(client, ((char *)&msg) + 1,
sz_rfbServerCutTextMsg - 1))
return FALSE;
msg.sct.length = rfbClientSwap32IfLE(msg.sct.length); << Retrieve malicious length
buffer = malloc(msg.sct.length+1); << Allocate buffer. Can return 0x0
if (!ReadFromRFBServer(client, buffer, msg.sct.length)) << Attempt to write to buffer
return FALSE;
buffer[msg.sct.length] = 0; << Attempt to write to buffer
if (client->GotXCutText)
client->GotXCutText(client, buffer, msg.sct.length); << Attempt to write to buffer
free(buffer);
break;
}
If a message is provided with an extremely large size it is possible to cause the malloc to fail, further leading to an attempt to write 0x0.
To support Microsoft Visual C++, we must not guard Windows-specific code
in MinGW-specific #ifdef guards.
Happily, even 64-bit MSVC defines the WIN32 constant, therefore we can use
that instead.
[JES: fixed commit message, reordered commit, split out unrelated changes]
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
In Microsoft's Visual C runtime, the snprintf() function is actually
called _snprintf. Let's just #define the former to call the latter.
[JES: fixed commit message]
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
The current definitions were mostly useful to glibc and followed its
feature_test_macros(3) documentation.
However, this means other platforms still had problems when building with
strict compilation flags. _BSD_SOURCE, for example, is only recognized by
glibc, and other platforms sometimes need _XOPEN_SOURCE instead, or even the
removal of some definitions (such as the outdate _POSIX_SOURCE one).
_POSIX_SOURCE also had to be conditionally defined in some places, as what
it enables or disables during compilation varies across systems.
Besided making libvncserver reverseVNC IPv6-aware, this introduces some changes
on the client side as well to make clients listen on IPv6 sockets, too. Like
the server side, this also uses a separate-socket approach.
For security reasons, it can be important to limit which IP addresses a
LibVNCClient-based client should listen for reverse connections. This
commit adds that option.
To preserve binary backwards-compatibility, the field was added to the end
of the rfbclient struct, and the function ListenAtTcpPort retains its
signature (but calls the new ListenAtTcpPortAndAddress).
[jes: shortened the commit subject, added a longer explanation in the
commit body and adjusted style]
Signed-off-by: Luca Stauble <gnekoz@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This is a small addendum to 0797e42a4a.
Seems that having IPv6 support in the OS does not necessarily mean that
IPV6_TCLASS is available. One such case seems to be Mac OS X 10.5.
This enables setting the DSCP/Traffic Class field of IP/IPv6 packets
sent by a client. For example starting a client with -qosdscp 184
marks all outgoing traffic for expedited forwarding.
Implementation for Win32 is still a TODO, though. See
http://betelco.blogspot.com/2009/03/dscp-marking-under-windows-at.html
for an overview of the Win32 QoS API mess...
Expands the SetNonBlocking() function in libvncclient/sockets.c to also
work under Windows and also changes it to honour maybe already present
socket flags.
A similar function was introduced for libvncserver as well and
all the #ifdef'ed fnctl calls replaced with calls to that one.
Signed-off-by: Christian Beier <dontmind@freeshell.org>
[jes: pulled the "host" declarations into the conditionally compiled
blocks where that variable is used. Also fixed non-IPv6 connections.]
Signed-off-by: Vic Lee <llyzs@163.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Actually, initSockets() has to be called everywhere we possibly
use sockets the first time.
Also fix return value of initSockets().
Signed-off-by: Christian Beier <dontmind@freeshell.org>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
On Windows, the WSA system needs to be initialized to be able to look up
host names.
This patch also changes *addr = 0 to use the constant INADDR_LOOPBACK
instead, which seems to be required on Windows.
SOCKET is redefined in winsock2.h so #undef it where winsock2.h
is included. The changes in rfbproto.c circumvent crosscompiler
errors like 'S_IFMT' undeclared ...', the Makefile.am changes
avoid building linux specific stuff for a win32 host target.
Also added configure option to specify sdl-config.
Signed-off-by: Christian Beier <dontmind@freeshell.org>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Tobias Junghans
Christian Beier
simon
Stefan Weil
Daniel Cohen Gindi
Raphael Kubo da Costa
Luca Stauble
Vic Lee
Johannes Schindelin
Alexander Dorokhine
Ben Klopfenstein
dscho
runge