| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
An attacker could feed `0xffffffff`, causing a `malloc(0)` for the
buffers which are subsequently written to.
Closes #247
|
|
|
|
|
|
| |
in CoRRE decoding
Closes #250
|
|
|
|
| |
Closes #251
|
|
|
|
|
|
|
| |
The pad fields of the rfbClientCutTextMsg and rfbKeyEventMsg could contain arbitray memory belonging to the process,
don't leak this to the remote.
Closes #252
|
|
|
|
| |
Closes #253
|
|
|
|
| |
Closes #230
|
|\
| |
| |
| |
| | |
libvncclient: zrle.c: Move undef of REALBPP down
rfbproto.c which includes this file expects an undefined REALBPP after the inclusion. Do this whether or not there is zlib available.
|
| | |
|
|/ |
|
|\
| |
| | |
Include Tight decoding optimizations from TurboVNC
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- As with the encoder, the decoder now uses the TurboJPEG wrapper, which
allows it to decode JPEG images directly into the framebuffer. This
eliminates a buffer copy (CopyRectangle()) as well as the expensive
RGB pixel conversion in DecompressJpegRectBPP(). The TurboJPEG
wrapper performs RGB pixel conversion more optimally, and only when
necessary (it uses the libjpeg-turbo colorspace extensions when
available, in order to avoid RGB conversion.)
- The other Tight subencoding types are also now decoded directly into
the framebuffer, which eliminates buffer copies.
- The Tight decoder now supports the rfbTightNoZlib extension, which
allows the server to bypass zlib compression when Compression Level 0
is selected. The encoder already supports this extension. Passing
the data stream through zlib when Compression Level 0 is selected
needlessly wastes CPU time, since all zlib is doing is copying the
data internally into its own structures.
|
|/ |
|
|
|
|
| |
of other files
|
| |
|
|\
| |
| |
| | |
simonwaterman-sasl2
|
| |
| |
| |
| | |
Added SASL support to OpenSSL
|
|\ \
| | |
| | | |
Added support for X509 server certificate verification
|
| | | |
|
| | | |
|
| |/
| |
| |
| | |
handshake process.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out some server implementations (namely VMware ESXi 6.5) expect
1 as the only non-zero value for the SetPixelFormat message whereas the protocol
states every non-zero value is valid
(https://github.com/rfbproto/rfbproto/blob/master/rfbproto.rst#setpixelformat).
Anyway, setting this to 1 shouldn't hurt.
Fixes #141
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
ldmnyblzs-circle
Conflicts:
libvncclient/rfbproto.c
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Since autotools officially is no longer supported (see various github
issues), drop the related infrastructure to stop tempting people to use
it for building.
Signed-off-by: Bert van Hall <bert.vanhall@gmx.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Treat openSSL data structures as opaque to achieve compatibility with
openSSL 1.1.x. While at it, fix order of cleaning up in
open_ssl_connection().
Signed-off-by: Bert van Hall <bert.vanhall@avionic-design.de>
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
The Ultra type tile decoder does not use the _safe variant of the LZO
decompress function, which allows a maliciuous server to overwrite parts of the
heap by sending a larger-than-specified LZO data stream.
|
|/
|
|
|
|
| |
Altough rfbproto.c does check whether the overall FramebufferUpdate rectangle is
too large, some of the individual encoding decoders do not, which allows a
malicious server to overwrite parts of the heap.
|
|\
| |
| | |
fix for issue #97. Also, this fixes cmake builds for other platforms.
|
| |
| |
| |
| | |
Append support of gnutls > v 2.99.01 (gnutls_transport_set_global_errno have a different signature)
|
|\ \
| | |
| | | |
use namespaced vnc_max macro (issue #102)
|
| |/
| |
| |
| | |
Not using generic 'max', avoids conflicts with stl_algobase.h
|
|\ \
| | |
| | | |
libvncclient/tls_gnutls.c: Add hooks to WriteToTLS() for optional protection by mutex. (Squashed)
|
| |/
| |
| |
| |
| |
| |
| |
| | |
by mutex. Fix upstream issue #100
Squashed commit of the pull request #101 :
commit 1c7e01e81862bc46508e675e83c74cc6d63224b0
commit 1e749b094d6696380d3f0540a00138d7e3427874
|
|\ \
| | |
| | | |
break statement out of case
|
| |/ |
|
|/ |
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
| |
|
|
|
|
| |
This reverts commit 9aa9ac59b4cb10bfca93456a3098e348de172d7f.
|
|
|
|
|
|
|
|
| |
This reverts commit d891478ec985660c03f95cffda0e6a1ad4ba350c.
Conflicts:
configure.ac
libvncclient/h264.c
|
|\
| |
| | |
Avoid divide-by-zero in raw encoding (OSX RealVNC)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
OS X RealVNC server crashes out Remmina because the server can provoke
bytesPerLine to be zero. Assume this is coding for zero lines.
The condition could be checked before the calculation of bytesPerLine.
I don’t understand the preconditions of this code to say one way or the
other.
|
| | |
|