publicWagsHome
/
KasmVNC
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9 Commits
32 Branches
15 Tags
4.9 MiB
master
release/1.3.3
release/1.3.2
release/1.2.1
release/1.3.1
release/1.3.0
release/1.2.0
release/1.1.1
release/1.1.0
release/1.0.1
release/1.0.0
release/0.9.3.2
release/0.9.3.1
innovation/session_recording
release/0.9.3
KASM-1810_yaml_config
httpblacklist
feature/KASM-2119_ubuntu_2004_default
video
bugfix/KASM-2021_kali_stable
feature/KASM-2083_ARM_Neon
configchecks
bugfix/KASM-2034_mobile_audio
bugfix/KASM-2053_video_quality
KASM-1609_select_de_to_run
feature/KASM-1883_x_proxy
KASM-1910-fix_pipeline
easy-start-select-de-to-run
xdg-portal-kde-firefox
toggle-game-mode
relativemotion
pointer_lock_api
v1.3.3
v1.3.2
v1.2.1
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.1
v1.0.0
v0.9.3-beta
temporary
temporary2
v0.9.0-beta
v0.9.1-beta
v0.9.2-beta
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9f7abaea3a'
${ noResults }
Commit Graph

5 Commits (9f7abaea3ae6d7d6ed852132590b04fad8df22ae)

Author SHA1 Message Date
Pierre Ossman 9f7abaea3a Fix depth sanity test in PixelFormat 5 years ago
Pierre Ossman 1224cbdc21 Handle empty Tight gradient rects 
We always assumed there would be one pixel per row so a rect with
a zero width would result in us writing to unknown memory.

This could theoretically be used by a malicious server to inject
code in to the viewer process.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
 5 years ago
Pierre Ossman 6a3f711878 Add write protection to OffsetPixelBuffer 
No one should every try to write to this buffer. Enforce that by
throwing an exception if any one tries to get a writeable pointer
to the data.
 5 years ago
Pierre Ossman 3282836baf Make ZlibInStream more robust against failures 
Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.

A malicious server could theoretically use this for remote code
execution in the client.

Issue found by Pavel Cheremushkin from Kaspersky Lab
 5 years ago
matt 408c005d3e Initial commit 5 years ago