* [pve-devel] [PATCH qemu] add fix for vnc clipboard
@ 2023-11-22 12:36 Fiona Ebner
2023-11-22 12:41 ` Fiona Ebner
0 siblings, 1 reply; 2+ messages in thread
From: Fiona Ebner @ 2023-11-22 12:36 UTC (permalink / raw)
To: pve-devel
This fixes the host->guest direction with noNVC as a client (and
likely others).
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
...-ui-vnc-clipboard-fix-inflate_buffer.patch | 33 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 34 insertions(+)
create mode 100644 debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
diff --git a/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch b/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
new file mode 100644
index 0000000..1a361d5
--- /dev/null
+++ b/debian/patches/extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Fiona Ebner <f.ebner@proxmox.com>
+Date: Wed, 22 Nov 2023 13:17:25 +0100
+Subject: [PATCH] ui/vnc-clipboard: fix inflate_buffer
+
+Commit d921fea338 ("ui/vnc-clipboard: fix infinite loop in
+inflate_buffer (CVE-2023-3255)") removed this hunk, but it is still
+required, because it can happen that stream.avail_in becomes zero
+before coming across a return value of Z_STREAM_END.
+
+This fixes the host->guest direction with noNVC.
+
+Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
+---
+ ui/vnc-clipboard.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c
+index c759be3438..124b6fbd9c 100644
+--- a/ui/vnc-clipboard.c
++++ b/ui/vnc-clipboard.c
+@@ -69,6 +69,11 @@ static uint8_t *inflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size)
+ }
+ }
+
++ *size = stream.total_out;
++ inflateEnd(&stream);
++
++ return out;
++
+ err_end:
+ inflateEnd(&stream);
+ err:
diff --git a/debian/patches/series b/debian/patches/series
index 992299c..9938b8e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,6 +7,7 @@ extra/0006-Revert-Revert-graph-lock-Disable-locking-for-now.patch
extra/0007-migration-states-workaround-snapshot-performance-reg.patch
extra/0008-Revert-x86-acpi-workaround-Windows-not-handling-name.patch
extra/0009-hw-ide-ahci-fix-legacy-software-reset.patch
+extra/0010-ui-vnc-clipboard-fix-inflate_buffer.patch
bitmap-mirror/0001-drive-mirror-add-support-for-sync-bitmap-mode-never.patch
bitmap-mirror/0002-drive-mirror-add-support-for-conditional-and-always-.patch
bitmap-mirror/0003-mirror-add-check-for-bitmap-mode-without-bitmap.patch
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [pve-devel] [PATCH qemu] add fix for vnc clipboard
2023-11-22 12:36 [pve-devel] [PATCH qemu] add fix for vnc clipboard Fiona Ebner
@ 2023-11-22 12:41 ` Fiona Ebner
0 siblings, 0 replies; 2+ messages in thread
From: Fiona Ebner @ 2023-11-22 12:41 UTC (permalink / raw)
To: pve-devel
Am 22.11.23 um 13:36 schrieb Fiona Ebner:
> This fixes the host->guest direction with noNVC as a client (and
> likely others).
>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Sorry, completely forgot to add Friedrich's Reported-by's. Sent a v2.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-11-22 12:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-22 12:36 [pve-devel] [PATCH qemu] add fix for vnc clipboard Fiona Ebner
2023-11-22 12:41 ` Fiona Ebner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal