nixpkgs/pkgs/tools/admin/tightvnc/1.3.10-CVE-2019-15679.patch

Adapted from https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c
index 04b0230..bd11b54 100644
--- a/vncviewer/rfbproto.c
+++ b/vncviewer/rfbproto.c
@@ -303,7 +303,12 @@ InitialiseRFBConnection(void)
   si.format.blueMax = Swap16IfLE(si.format.blueMax);
   si.nameLength = Swap32IfLE(si.nameLength);
 
-  /* FIXME: Check arguments to malloc() calls. */
+  if (si.nameLength > 1<<20) {
+    fprintf(stderr, "Too big desktop name length sent by server: %lu B > 1 MB\n",
+            (unsigned long)si.nameLength);
+    return False;
+  }
+
   desktopName = malloc(si.nameLength + 1);
   if (!desktopName) {
     fprintf(stderr, "Error allocating memory for desktop name, %lu bytes\n",
tightvnc: add patches for four CVEs Security fixes for: * CVE-2019-8287 * CVE-2019-15678 * CVE-2019-15679 * CVE-2019-15680 mostly adapted from patches fixing similar issues in the actively maintained libvnc (#73970) 2019-11-24 18:44:01 +00:00			`Adapted from https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7`
			`diff --git a/vncviewer/rfbproto.c b/vncviewer/rfbproto.c`
			`index 04b0230..bd11b54 100644`
			`--- a/vncviewer/rfbproto.c`
			`+++ b/vncviewer/rfbproto.c`
			`@@ -303,7 +303,12 @@ InitialiseRFBConnection(void)`
			`si.format.blueMax = Swap16IfLE(si.format.blueMax);`
			`si.nameLength = Swap32IfLE(si.nameLength);`

			`- /* FIXME: Check arguments to malloc() calls. */`
			`+ if (si.nameLength > 1<<20) {`
			`+ fprintf(stderr, "Too big desktop name length sent by server: %lu B > 1 MB\n",`
			`+ (unsigned long)si.nameLength);`
			`+ return False;`
			`+ }`
			`+`
			`desktopName = malloc(si.nameLength + 1);`
			`if (!desktopName) {`
			`fprintf(stderr, "Error allocating memory for desktop name, %lu bytes\n",`