Date: Fri, 23 Feb 2018 09:20:48 +0100 From: Dominik Csapak <d.csapak@...xmox.com> To: oss-security@...ts.openwall.com Subject: Re: review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c Hi, Thanks for the review. I do not know where you looked at our code, but in our official git repositories for vncterm and spiceterm those issues are already fixed (since 2017-05-05) i changed those variables all to unsigned int, which makes those increments defined behavior, and the range checks are ok, because they cannot be negative anymore. (it may behave strange, but you cannot trigger an out-of-bounds read/write anymore) also, i replaced the vt->cy += buf code paths with calls to vncterm_gotoxy (which as you mentioned, perform all necessary checks) Dominik : https://git.proxmox.com/?p=vncterm.git;a=summary : https://git.proxmox.com/?p=spiceterm.git;a=summary
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.