yannick.naumann/RT-Task-Generator-QEMU
1
0
Fork 0
forked from alwin.berger/FRET-qemu
Code Pull Requests Activity
RT-Task-Generator-QEMU/ui
History
Mauro Matteo Cascella d307040b18 ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext 
Extended ClientCutText messages start with a 4-byte header. If len < 4,
an integer underflow occurs in vnc_client_cut_text_ext. The result is
used to decompress data in a while loop in inflate_buffer, leading to
CPU consumption and denial of service. Prevent this by checking dlen in
protocol_client_msg.

Fixes: CVE-2022-3165
Fixes: 0bf41cab93e5 ("ui/vnc: clipboard support")
Reported-by: TangPeng <tangpeng@qianxin.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Message-Id: <20220925204511.1103214-1-mcascell@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-10-11 15:30:27 +02:00
..
icons
configure: move directory options from config-host.mak to meson
2020-10-26 07:08:38 -04:00
keycodemapdb @ d21009b1c9
ui: update keycodemapdb submodule commit
2021-07-26 10:24:49 +02:00
shader
meson: clean up build_by_default
2020-09-30 19:09:19 +02:00
clipboard.c
ui/clipboard: reset the serial state on reset
2022-09-23 14:38:27 +02:00
cocoa.m
ui/cocoa: Run qemu_init in the main thread
2022-09-23 14:36:33 +02:00
console-gl.c
ui/console: fix texture leak when calling surface_gl_create_texture()
2022-03-04 11:28:37 +01:00
console.c
ui/console: fix three double frees in png_save()
2022-09-23 14:38:27 +02:00
curses_keys.h
curses: support wide input
2019-03-11 08:39:02 +01:00
curses.c
ui/curses: Avoid dynamic stack allocation
2022-09-22 16:38:28 +01:00
cursor_hidden.xpm
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
cursor_left_ptr.xpm
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
cursor.c
ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)
2022-04-07 12:30:54 +02:00
dbus-chardev.c
ui/dbus: add chardev backend & interface
2021-12-21 10:50:22 +04:00
dbus-clipboard.c
ui/dbus: add clipboard interface
2021-12-21 10:50:22 +04:00
dbus-console.c
ui/dbus: associate the DBusDisplayConsole listener with the given console
2022-03-14 15:16:08 +04:00
dbus-display1.xml
ui/dbus: add chardev backend & interface
2021-12-21 10:50:22 +04:00
dbus-error.c
ui: add a D-Bus display backend
2021-12-21 10:50:22 +04:00
dbus-listener.c
ui/dbus: do not send 2d scanout until gfx_update
2022-03-15 12:54:59 +04:00
dbus-module.c
ui/dbus: add p2p=on/off option
2021-12-21 10:50:22 +04:00
dbus.c
dbus-display: fix test race when initializing p2p connection
2022-07-19 14:35:00 +02:00
dbus.h
ui: fix path to dbus-display1.h
2022-09-29 18:23:51 +02:00
egl-context.c
ui: split the GL context in a different object
2021-12-21 10:50:21 +04:00
egl-headless.c
ui/console: egl-headless is compatible with non-gl listeners
2022-03-14 15:16:05 +04:00
egl-helpers.c
ui/gtk-egl: blitting partial guest fb to the proper scanout surface
2021-11-05 12:29:44 +01:00
gtk-clipboard.c
Remove qemu-common.h include from most units
2022-04-06 14:31:55 +02:00
gtk-egl.c
ui: Deliver refresh rate via QemuUIInfo
2022-06-14 10:34:37 +02:00
gtk-gl-area.c
ui: Deliver refresh rate via QemuUIInfo
2022-06-14 10:34:37 +02:00
gtk.c
gtk: Add show_tabs=on|off command line option.
2022-07-19 14:36:42 +02:00
input-barrier.c
ui/input-barrier: Move TODOs from barrier.txt to a comment
2021-08-02 12:55:51 +01:00
input-barrier.h
ui: add an embedded Barrier client
2019-09-17 13:43:22 +02:00
input-keymap.c
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
input-legacy.c
ui/input-legacy: pass horizontal scroll information
2022-01-13 15:33:18 +01:00
input-linux.c
ui: replace qemu_set_nonblock()
2022-05-03 15:52:37 +04:00
input.c
Trivial: 3 char repeat typos
2022-06-28 11:06:02 +02:00
kbd-state.c
Include qemu/queue.h slightly less
2019-08-16 13:31:52 +02:00
keymaps.c
Remove qemu-common.h include from most units
2022-04-06 14:31:55 +02:00
keymaps.h
Include qemu-common.h exactly where needed
2019-06-12 13:20:20 +02:00
meson.build
ui: dbus-display requires CONFIG_GBM
2022-07-28 13:08:29 +02:00
qemu-pixman.c
ui/pixman: Add qemu_pixman_to_drm_format()
2021-05-27 12:07:37 +02:00
qemu-x509.h
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
qemu.desktop
ui: fix icon display for GTK frontend under GNOME Shell with Wayland
2019-01-21 09:43:13 +01:00
sdl2-2d.c
ui/console: Pass placeholder surface to displays
2021-03-04 09:35:36 +01:00
sdl2-gl.c
ui: split the GL context in a different object
2021-12-21 10:50:21 +04:00
sdl2-input.c
ui/sdl2-input: use trace-events to debug key events
2020-05-19 09:06:44 +02:00
sdl2.c
ui: Switch "-display sdl" to use the QAPI parser
2022-06-03 08:03:28 +02:00
shader.c
ui/shader: free associated programs
2022-03-14 15:16:16 +04:00
spice-app.c
ui/spice: Use HAVE_SPICE_GL for OpenGL checks
2021-07-26 10:24:49 +02:00
spice-core.c
ui: move qemu_spice_fill_device_address to ui/util.c
2021-12-21 10:50:21 +04:00
spice-display.c
ui/console: move dcl compatiblity check to a callback
2022-03-14 15:16:01 +04:00
spice-input.c
spice: move add_interface() to QemuSpiceOps.
2020-10-21 15:46:14 +02:00
spice-module.c
spice: wire up monitor in QemuSpiceOps.
2020-10-21 15:46:14 +02:00
trace-events
ui: add some vdagent related traces
2022-09-23 14:38:23 +02:00
trace.h
trace: switch position of headers to what Meson requires
2020-08-21 06:18:24 -04:00
udmabuf.c
ui/console: Restrict udmabuf_fd() to Linux
2021-08-31 14:31:43 +02:00
util.c
ui: move qemu_spice_fill_device_address to ui/util.c
2021-12-21 10:50:21 +04:00
vdagent.c
ui/vdagent: fix serial reset of guest agent
2022-09-23 14:38:27 +02:00
vgafont.h
ui: move files to ui/ and include/ui/
2012-12-19 08:31:30 +01:00
vnc_keysym.h
ui: add next and prior keysyms
2017-07-27 14:23:09 +02:00
vnc-auth-sasl.c
vnc: avoid deprecation warnings for SASL on OS X
2021-06-15 17:17:09 +02:00
vnc-auth-sasl.h
vnc: avoid deprecation warnings for SASL on OS X
2021-06-15 17:17:09 +02:00
vnc-auth-vencrypt.c
vnc: fix resource leak when websocket channel error
2020-11-04 08:25:17 +01:00
vnc-auth-vencrypt.h
Clean up ill-advised or unusual header guards
2016-07-12 16:20:46 +02:00
vnc-clipboard.c
Remove qemu-common.h include from most units
2022-04-06 14:31:55 +02:00
vnc-enc-hextile-template.h
ui: vnc: finish removing TABs
2019-02-05 16:50:18 +01:00
vnc-enc-hextile.c
ui: Clean up includes
2016-02-04 17:01:04 +00:00
vnc-enc-tight.c
Replacing CONFIG_VNC_PNG with CONFIG_PNG
2022-04-27 07:50:28 +02:00
vnc-enc-tight.h
Clean up header guards that don't match their file name
2016-07-12 16:19:16 +02:00
vnc-enc-zlib.c
vnc: fix memory leak when vnc disconnect
2019-09-17 13:45:10 +02:00
vnc-enc-zrle.c
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
vnc-enc-zrle.c.inc
meson: rename included C source files to .c.inc
2020-08-21 06:18:30 -04:00
vnc-enc-zrle.h
Clean up header guards that don't match their file name
2016-07-12 16:19:16 +02:00
vnc-enc-zywrle-template.c
avoid TABs in files that only contain a few
2019-01-11 15:46:56 +01:00
vnc-enc-zywrle.h
ui: vnc: finish removing TABs
2019-02-05 16:50:18 +01:00
vnc-jobs.c
ui: avoid sending framebuffer updates outside client desktop bounds
2021-03-15 17:37:50 +01:00
vnc-jobs.h
ui/vnc: Drop unused vnc_has_job() and vnc_jobs_clear()
2017-02-08 14:59:36 +01:00
vnc-palette.c
all: Remove unnecessary glib.h includes
2016-06-07 18:19:24 +03:00
vnc-palette.h
Include qapi/qmp/qlist.h exactly where needed
2018-02-09 13:52:15 +01:00
vnc-stubs.c
vnc: support "-vnc help"
2021-01-23 15:55:07 -05:00
vnc-ws.c
vnc: fix resource leak when websocket channel error
2020-11-04 08:25:17 +01:00
vnc-ws.h
Clean up ill-advised or unusual header guards
2016-07-12 16:20:46 +02:00
vnc.c
ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext
2022-10-11 15:30:27 +02:00
vnc.h
Replacing CONFIG_VNC_PNG with CONFIG_PNG
2022-04-27 07:50:28 +02:00
win32-kbd-hook.c
ui/win32-kbd-hook: handle AltGr in a hook procedure
2020-05-19 09:06:44 +02:00
x_keymap.c
ui: Fix memory leak in qemu_xkeymap_mapping_table()
2021-05-02 17:24:50 +02:00
x_keymap.h
ui: convert GTK and SDL1 frontends to keycodemapdb
2018-01-25 15:02:00 +01:00