From 29bf702b76b9e6224c75ec332aa7d64b4a875a0e Mon Sep 17 00:00:00 2001
From: Packit Service
Date: Nov 25 2020 06:14:53 +0000
Subject: Apply patch libvncserver-0.9.11-CVE-2020-14405.patch
patch_name: libvncserver-0.9.11-CVE-2020-14405.patch
present_in_specfile: true
location_in_specfile: 17
---
diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
index 94751a2..7ba00b5 100644
--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -73,6 +73,8 @@
 # define snprintf _snprintf /* MSVC went straight to the underscored syntax */
 #endif
 
+#define MAX_TEXTCHAT_SIZE 10485760 /* 10MB */
+
 /*
  * rfbClientLog prints a time-stamped message to the log file (stderr).
  */
@@ -2285,6 +2287,8 @@ HandleRFBServerMessage(rfbClient* client)
 client->HandleTextChat(client, (int)rfbTextChatFinished, NULL);
 break;
 default:
+ if(msg.tc.length > MAX_TEXTCHAT_SIZE)
+ return FALSE;
 buffer=malloc(msg.tc.length+1);
 if (!ReadFromRFBServer(client, buffer, msg.tc.length))
 {
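Review bot: The comment on `MAX_TEXTCHAT_SIZE` in the first hunk states the size but not what the constant bounds. A wording such as `/* largest server-supplied TextChat length accepted before allocating (10 MiB) */` would tell a reader that the value is compared against untrusted wire data. Writing the value as `(10 * 1024 * 1024)` would also make the magnitude checkable at a glance. Whether 10 MB is a protocol limit or a local policy choice is not visible here, and the comment should say which.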
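Review bot: In the second hunk, the `malloc` result on the context line right after the new bound check is still used unchecked, because `buffer` is passed straight to `ReadFromRFBServer`. A failed allocation, which remains possible for a request of up to 10 MB, would hand a NULL destination to the read; adding `if (!buffer) return FALSE;` after `buffer=malloc(msg.tc.length+1);` closes that. The new rejection path `return FALSE;` is also silent, so a `rfbClientLog` message saying the server's TextChat length exceeded `MAX_TEXTCHAT_SIZE` would make the dropped session diagnosable. The `default:` branch and the rest of HandleRFBServerMessage continue outside the hunk, so how `msg.tc.length` is byte-swapped before this comparison cannot be confirmed from here.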