Add AccessSetDesktopSize right.
So clients with limited access rights can not affect it.
diff --git a/common/rfb/VNCSConnectionST.cxx b/common/rfb/VNCSConnectionST.cxx
index 618048a..274c496 100644
--- a/common/rfb/VNCSConnectionST.cxx
+++ b/common/rfb/VNCSConnectionST.cxx
@@ -584,6 +584,9 @@
{
unsigned int result;
+ if (!(accessRights & AccessSetDesktopSize)) return;
+ if (!rfb::Server::acceptSetDesktopSize) return;
+
// Don't bother the desktop with an invalid configuration
if (!layout.validate(fb_width, fb_height)) {
writer()->writeExtendedDesktopSize(reasonClient, resultInvalid,