aboutsummaryrefslogtreecommitdiff
path: root/hw/pci/pci-qmp-cmds.c
diff options
context:
space:
mode:
authorMauro Matteo Cascella <mcascell@redhat.com>2023-07-04 10:41:22 +0200
committerMarc-André Lureau <marcandre.lureau@redhat.com>2023-07-17 15:20:56 +0400
commitd921fea338c1059a27ce7b75309d7a2e485f710b (patch)
treef239072cd590cde62cc59fa6af1db4713a5d144f /hw/pci/pci-qmp-cmds.c
parent9c18a9234bab9d5e903f897b30fb4a37888aebfc (diff)
downloadqemu-d921fea338c1059a27ce7b75309d7a2e485f710b.zip
qemu-d921fea338c1059a27ce7b75309d7a2e485f710b.tar.gz
qemu-d921fea338c1059a27ce7b75309d7a2e485f710b.tar.bz2
ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)
A wrong exit condition may lead to an infinite loop when inflating a valid zlib buffer containing some extra bytes in the `inflate_buffer` function. The bug only occurs post-authentication. Return the buffer immediately if the end of the compressed data has been reached (Z_STREAM_END). Fixes: CVE-2023-3255 Fixes: 0bf41cab ("ui/vnc: clipboard support") Reported-by: Kevin Denis <kevin.denis@synacktiv.com> Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-ID: <20230704084210.101822-1-mcascell@redhat.com>
Diffstat (limited to 'hw/pci/pci-qmp-cmds.c')
0 files changed, 0 insertions, 0 deletions