Applied a fix from VNC 4.1.2 to close a critical security issue.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@560 3789f03b-4d11-0410-bbf8-ca57d06f2519
diff --git a/rfb/SConnection.cxx b/rfb/SConnection.cxx
index f8a3f36..1422b54 100644
--- a/rfb/SConnection.cxx
+++ b/rfb/SConnection.cxx
@@ -178,6 +178,16 @@
{
vlog.debug("processing security type message");
int secType = is->readU8();
+
+ // Verify that the requested security type should be offered
+ std::list<rdr::U8> secTypes;
+ std::list<rdr::U8>::iterator i;
+ securityFactory->getSecTypes(&secTypes, reverseConnection);
+ for (i=secTypes.begin(); i!=secTypes.end(); i++)
+ if (*i == secType) break;
+ if (i == secTypes.end())
+ throw Exception("Requested security type not available");
+
vlog.info("Client requests security type %s(%d)",
secTypeName(secType),secType);
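Review bot: A request for a security type that was never offered is rejected by the added check without its value being recorded, because the `vlog.info("Client requests security type ...")` call sits after the `throw` and is skipped on that path. Since `secType` is a byte chosen by the client, log it before throwing, e.g. `vlog.error("Client requested security type %d which was not offered", secType);` ahead of `throw Exception(...)`, so that probing of this path shows up in the server log. The comment could also state why the check exists: `// secType is client-supplied; accept it only if it is in the list this server offered`. The enclosing function starts and continues outside the hunk, so whether the exception text is logged further up the call chain cannot be seen from here.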