From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60477) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c8sRS-0001fO-Du for qemu-devel@nongnu.org; Mon, 21 Nov 2016 12:31:46 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c8sRP-0008DV-Ad for qemu-devel@nongnu.org; Mon, 21 Nov 2016 12:31:42 -0500
References: <1479749115-21932-1-git-send-email-thuth@redhat.com>
From: Eric Blake
Message-ID: <77e4070a-b633-e7b5-c54f-6a73d20eefd5@redhat.com>
Date: Mon, 21 Nov 2016 11:31:36 -0600
MIME-Version: 1.0
In-Reply-To: <1479749115-21932-1-git-send-email-thuth@redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="om7Kvb6Tb0rMdNR5C5jTosKNM63mre71c"
Subject: Re: [Qemu-devel] [PATCH for-2.8] ui/vnc: Fix problem with sending too many bytes as server name
To: Thomas Huth , qemu-devel@nongnu.org, Gerd Hoffmann
Cc: qemu-stable@nongnu.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--om7Kvb6Tb0rMdNR5C5jTosKNM63mre71c
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 11/21/2016 11:25 AM, Thomas Huth wrote:
> If the buffer is not big enough, snprintf() does not return the number
> of bytes that have been written to the buffer, but the number of bytes
> that would be needed for writing the whole string.
> By using this value
> for the following vnc_write() calls, we send some junk at the end of
> the name in case the qemu_name is longer than 1017 bytes, which could
> confuse the VNC clients. Fix this by adding an additional size check
> here.
>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1637447
> Signed-off-by: Thomas Huth
> ---
> ui/vnc.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)

Reviewed-by: Eric Blake

Worth having in 2.8, I think.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

--om7Kvb6Tb0rMdNR5C5jTosKNM63mre71c--
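
The snprintf() behaviour described in the quoted commit message, as an added example that is not part of the original message or of QEMU's code. The buffer size, format string and function names are constructed for illustration; it shows the returned length exceeding the stored string on truncation, and one way to clamp it before the length is used for a write.

```c
#include <stdio.h>
#include <string.h>

/* Constructed size and format string for illustration; not QEMU's code. */
#define CAP 16
#define FMT "VM (%s)"

/* Unchecked: treats snprintf()'s return value as the stored length.
 * On truncation it is the length the full string would have had. */
static size_t fill_unchecked(char *buf, size_t cap, const char *name)
{
    int n = snprintf(buf, cap, FMT, name);
    return n < 0 ? 0 : (size_t)n;
}

/* Checked: clamps the length to what the buffer really holds (cap >= 1). */
static size_t fill_checked(char *buf, size_t cap, const char *name)
{
    int n = snprintf(buf, cap, FMT, name);
    if (n < 0) {
        buf[0] = '\0';
        return 0;
    }
    if ((size_t)n >= cap) {
        return cap - 1;   /* truncated: cap - 1 bytes plus the NUL */
    }
    return (size_t)n;
}

/* Bytes past the stored string that a write of `len` bytes would include. */
static size_t excess_bytes(const char *buf, size_t len)
{
    size_t stored = strlen(buf);
    return len > stored ? len - stored : 0;
}

int main(void)
{
    char buf[CAP];
    const char *name = "a-very-long-guest-name";   /* constructed input */
    size_t bad = fill_unchecked(buf, sizeof(buf), name);
    printf("unchecked: len=%zu excess=%zu\n", bad, excess_bytes(buf, bad));
    size_t ok = fill_checked(buf, sizeof(buf), name);
    printf("checked:   len=%zu excess=%zu\n", ok, excess_bytes(buf, ok));
    return 0;
}
```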