aboutsummaryrefslogtreecommitdiff
path: root/ui/vnc-clipboard.c
AgeCommit message (Collapse)AuthorFilesLines
2023-07-17ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)Mauro Matteo Cascella1-6/+4
A wrong exit condition may lead to an infinite loop when inflating a valid zlib buffer containing some extra bytes in the `inflate_buffer` function. The bug only occurs post-authentication. Return the buffer immediately if the end of the compressed data has been reached (Z_STREAM_END). Fixes: CVE-2023-3255 Fixes: 0bf41cab ("ui/vnc: clipboard support") Reported-by: Kevin Denis <kevin.denis@synacktiv.com> Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Tested-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-ID: <20230704084210.101822-1-mcascell@redhat.com>
2022-04-06Remove qemu-common.h include from most unitsMarc-André Lureau1-1/+0
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220323155743.1585078-33-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-21ui/clipboard: add a clipboard reset serial eventMarc-André Lureau1-0/+3
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-21ui: generalize clipboard notifierMarc-André Lureau1-5/+15
Use a QemuClipboardNotify union type for extendable clipboard events. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
2021-11-22ui/vnc-clipboard: fix adding notifier twiceVladimir Sementsov-Ogievskiy1-4/+6
vnc_server_cut_text_caps() is not guaranteed to be called only once. If it called twice, we finally call notifier_list_add() twice with same element. Which leads to loopback QLIST. So, on next notifier_list_notify() we'll loop forever and QEMU stuck. So, let's only register new notifier if it's not yet registered. Note, that similar check is used in vdagent_chr_recv_caps() (before call qemu_clipboard_peer_register()), and also before qemu_clipboard_peer_unregister() call in vdagent_disconnect() and in vnc_disconnect_finish(). Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20211110103800.2266729-1-vsementsov@virtuozzo.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-05-21ui/vnc: clipboard supportGerd Hoffmann1-0/+323
This patch adds support for cut+paste to the qemu vnc server, which allows the vnc client exchange clipbaord data with qemu and other peers like the qemu vdagent implementation. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20210519053940.1888907-1-kraxel@redhat.com Message-Id: <20210519053940.1888907-8-kraxel@redhat.com>
generated by cgit v1.1 at 2025-08-10 05:37:10 +0000