Date: Fri, 23 Feb 2018 12:33:44 +0100 From: Solar Designer <solar@...nwall.com> To: Dominik Csapak <d.csapak@...xmox.com> Cc: oss-security@...ts.openwall.com Subject: Re: review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Hi Dominik, On Fri, Feb 23, 2018 at 09:20:48AM +0100, Dominik Csapak wrote: > I do not know where you looked at our code, In these GitHub repos, which I thought were official: https://github.com/proxmox/vncterm https://github.com/proxmox/spiceterm Shortly after I sent the message, I realized I should have included these links in it. Ditto for other projects, so here they are: XenServer vncterm: https://github.com/xenserver/vncterm Might be also out of date, since last commit is 2 years ago? But could also be latest. These things don't have to be updated frequently. For QEMU, I did: git clone git://git.qemu.org/qemu.git > but in our official git repositories for vncterm and spiceterm > > those issues are already fixed (since 2017-05-05) > > i changed those variables all to unsigned int, which makes those > increments defined behavior, and the range checks are ok, because > they cannot be negative anymore. > (it may behave strange, but you cannot trigger an out-of-bounds > read/write anymore) > also, i replaced the vt->cy += buf code paths with calls to > vncterm_gotoxy (which as you mentioned, perform all necessary checks) > > Dominik > > : https://git.proxmox.com/?p=vncterm.git;a=summary > : https://git.proxmox.com/?p=spiceterm.git;a=summary Sounds great. (I haven't looked yet.) Sorry for the false alarm, then. (I imagine some users would like to know of these issues having existed and having been fixed, though.) Thanks, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ