Message-ID: <1414410816.9909.10.camel@nilsson.home.kraxel.org>
From: Gerd Hoffmann
Date: Mon, 27 Oct 2014 12:53:36 +0100
In-Reply-To: <20141027114144.GU10820@dhcp-25-225.brq.redhat.com>
References: <20141027114144.GU10820@dhcp-25-225.brq.redhat.com>
Subject: Re: [Qemu-devel] [PATCH] vnc: sanitize bits_per_pixel from the client
To: Petr Matousek
Cc: qemu-devel@nongnu.org, Anthony Liguori, qemu-stable@nongnu.org

On Mo, 2014-10-27 at 12:41 +0100, Petr Matousek wrote:
> bits_per_pixel that are less than 8 could result in accessing
> non-initialized buffers later in the code due to the expectation
> that the bytes_per_pixel value that is used to initialize these buffers is
> never zero.
>
> To fix this, check that bits_per_pixel from the client is one of the
> values that the rfb protocol specification allows.
>
> This is CVE-2014-7815.
>
> Signed-off-by: Petr Matousek

applied minor codestyle fix & added to vnc patch queue.

thanks,
  Gerd
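The defect the quoted commit message describes, and the check that closes it, as an added stand-alone example (not QEMU's code): a hypothetical parser for the RFB SetPixelFormat message, once without and once with the bits_per_pixel validation, run over two constructed messages. The struct and function names are assumptions; the allowed values 8, 16 and 32 are the ones RFC 6143 specifies.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a VNC client's pixel-format state (not VncState). */
typedef struct {
    int bits_per_pixel;
    int depth;
    int bytes_per_pixel;
} PixelFormat;

/* RFB SetPixelFormat (RFC 6143, 7.5.1): type byte 0, 3 padding bytes, then a
 * 16-byte PIXEL_FORMAT starting with bits-per-pixel and depth. 20 bytes total. */
#define RFB_SET_PIXEL_FORMAT_LEN 20

/* Only the pixel sizes the RFB specification allows. */
static bool rfb_bits_per_pixel_valid(int bits_per_pixel)
{
    return bits_per_pixel == 8 || bits_per_pixel == 16 || bits_per_pixel == 32;
}

/* Unchecked variant (the defect): bits_per_pixel 1..7 yields bytes_per_pixel 0,
 * so buffers sized from it are empty and later accesses run off their end. */
static int parse_set_pixel_format_unchecked(const uint8_t *msg, size_t len, PixelFormat *pf)
{
    if (len < RFB_SET_PIXEL_FORMAT_LEN || msg[0] != 0) return -1;
    pf->bits_per_pixel = msg[4];
    pf->depth = msg[5];
    pf->bytes_per_pixel = pf->bits_per_pixel / 8;
    return 0;
}

/* Checked variant (the fix): reject anything but 8, 16 or 32 before any derived
 * value is computed, so bytes_per_pixel can never be zero. */
static int parse_set_pixel_format_checked(const uint8_t *msg, size_t len, PixelFormat *pf)
{
    if (len < RFB_SET_PIXEL_FORMAT_LEN || msg[0] != 0) return -1;
    if (!rfb_bits_per_pixel_valid(msg[4])) return -1;  /* caller drops the client */
    pf->bits_per_pixel = msg[4];
    pf->depth = msg[5];
    pf->bytes_per_pixel = pf->bits_per_pixel / 8;
    return 0;
}

/* Constructed sample messages: a valid 32-bpp request and a bogus 4-bpp one. */
static const uint8_t sample_valid[RFB_SET_PIXEL_FORMAT_LEN] =
    { 0, 0, 0, 0, 32, 24, 0, 1, 0, 255, 0, 255, 0, 255, 16, 8, 0, 0, 0, 0 };
static const uint8_t sample_bogus[RFB_SET_PIXEL_FORMAT_LEN] =
    { 0, 0, 0, 0, 4, 4, 0, 1, 0, 255, 0, 255, 0, 255, 16, 8, 0, 0, 0, 0 };
```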