Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_tigervnc / 62197c89e98be47a174074e4c7429c57767a4929
commit62197c89e98be47a174074e4c7429c57767a4929[log] [tgz]
authorMichal Srb <michalsrb@gmail.com>Wed Mar 29 17:05:45 2017 +0300
committerMichal Srb <michalsrb@gmail.com>Thu Mar 30 03:25:04 2017 +0300
tree97fe733b664213cf6501b6e49d58f1a7d2093d0c
parent9801c5efcf8c1774d9c807ebd5d27ac7049ad993 [diff]
Limit max username/password size in SSecurityPlain.

Setting the limit to 1024 which should be still more than enough.

Unlimited ulen and plen can cause various security problems:
  * Overflow in `is->checkNoWait(ulen + plen)` causing it to contine when there is not enough data and then wait forever.
  * Overflow in `new char[plen + 1]` that would allocate zero sized array which succeeds but returns pointer that should not be written into.
  * Allocation failure in `new char[plen + 1]` from trying to allocate too much and crashing the whole server.

All those issues can be triggered by a client before authentication.
2 files changed
tree: 97fe733b664213cf6501b6e49d58f1a7d2093d0c
  1. cmake/
  2. common/
  3. contrib/
  4. doc/
  5. java/
  6. media/
  7. po/
  8. release/
  9. tests/
  10. unix/
  11. vncviewer/
  12. win/
  13. BUILDING.txt
  14. CMakeLists.txt
  15. config.h.in
  16. LICENCE.TXT
  17. README.txt