This patch constrains a client cut text length to 1 MB. Otherwise
a client could make server allocate 2 GB of memory and that seems to
be to much to classify it as a denial of service.
The limit also prevents from an integer overflow followed by copying
an uninitilized memory when processing msg.cct.length value larger
than SIZE_MAX or INT_MAX - sz_rfbClientCutTextMsg.
This patch also corrects accepting length value of zero (malloc(0) is
interpreted on differnet systems differently).
CVE-2018-7225
<https://github.com/LibVNC/libvncserver/issues/218>
(cherry picked from commit 28afb6c537dc82ba04d5f245b15ca7205c6dbb9c)
This enables compilation under both Qt3 and Qt4
git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdenetwork@1237912 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Petr Písař
Timothy Pearson
tpearson
toma