nixpkgs/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15678.patch

Adapted from https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c
index 04b0230..47a6863 100644
--- a/vncviewer/rfbproto.c
+++ b/vncviewer/rfbproto.c
@@ -1217,6 +1217,12 @@ HandleRFBServerMessage()
     if (serverCutText)
       free(serverCutText);
 
+    if (msg.sct.length > 1<<20) {
+      fprintf(stderr,"Ignoring too big cut text length sent by server: %u B > 1 MB\n",
+              (unsigned int)msg.sct.length);
+      return False;
+    }
+
     serverCutText = malloc(msg.sct.length+1);
 
     if (!ReadFromRFBServer(serverCutText, msg.sct.length))
tightvnc: add patches for four CVEs Security fixes for: * CVE-2019-8287 * CVE-2019-15678 * CVE-2019-15679 * CVE-2019-15680 mostly adapted from patches fixing similar issues in the actively maintained libvnc (#73970) 2019-11-24 18:44:01 +00:00			`Adapted from https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a`
			`diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c`
			`index 04b0230..47a6863 100644`
			`--- a/vncviewer/rfbproto.c`
			`+++ b/vncviewer/rfbproto.c`
			`@@ -1217,6 +1217,12 @@ HandleRFBServerMessage()`
			`if (serverCutText)`
			`free(serverCutText);`

			`+ if (msg.sct.length > 1<<20) {`
			`+ fprintf(stderr,"Ignoring too big cut text length sent by server: %u B > 1 MB\n",`
			`+ (unsigned int)msg.sct.length);`
			`+ return False;`
			`+ }`
			`+`
			`serverCutText = malloc(msg.sct.length+1);`

			`if (!ReadFromRFBServer(serverCutText, msg.sct.length))`