The pad fields of the rfbClientCutTextMsg and rfbKeyEventMsg could contain arbitray memory belonging to the process,
don't leak this to the remote.
Closes #252
libvncclient: zrle.c: Move undef of REALBPP down
rfbproto.c which includes this file expects an undefined REALBPP after the inclusion. Do this whether or not there is zlib available.
- As with the encoder, the decoder now uses the TurboJPEG wrapper, which
allows it to decode JPEG images directly into the framebuffer. This
eliminates a buffer copy (CopyRectangle()) as well as the expensive
RGB pixel conversion in DecompressJpegRectBPP(). The TurboJPEG
wrapper performs RGB pixel conversion more optimally, and only when
necessary (it uses the libjpeg-turbo colorspace extensions when
available, in order to avoid RGB conversion.)
- The other Tight subencoding types are also now decoded directly into
the framebuffer, which eliminates buffer copies.
- The Tight decoder now supports the rfbTightNoZlib extension, which
allows the server to bypass zlib compression when Compression Level 0
is selected. The encoder already supports this extension. Passing
the data stream through zlib when Compression Level 0 is selected
needlessly wastes CPU time, since all zlib is doing is copying the
data internally into its own structures.
It turns out some server implementations (namely VMware ESXi 6.5) expect
1 as the only non-zero value for the SetPixelFormat message whereas the protocol
states every non-zero value is valid
(https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#setpixelformat).
Anyway, setting this to 1 shouldn't hurt.
Fixes #141
Since autotools officially is no longer supported (see various github
issues), drop the related infrastructure to stop tempting people to use
it for building.
Signed-off-by: Bert van Hall <bert.vanhall@gmx.de>
Treat openSSL data structures as opaque to achieve compatibility with
openSSL 1.1.x. While at it, fix order of cleaning up in
open_ssl_connection().
Signed-off-by: Bert van Hall <bert.vanhall@avionic-design.de>
The Ultra type tile decoder does not use the _safe variant of the LZO
decompress function, which allows a maliciuous server to overwrite parts of the
heap by sending a larger-than-specified LZO data stream.
Altough rfbproto.c does check whether the overall FramebufferUpdate rectangle is
too large, some of the individual encoding decoders do not, which allows a
malicious server to overwrite parts of the heap.
Christian Beier
Tobias Junghans
Bastiaan Olij
DRC
Wiki Wang
simon
dborth
Bert van Hall
Bert van Hall
Josef Gajdusek
Balazs Ludmany
gbdj
Rex Dieter
zbierak