Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b25d53ba-7344-a2c2-fb22-b7744ee1016e@proxmox.com>
Date: Fri, 23 Feb 2018 09:20:48 +0100
From: Dominik Csapak <d.csapak@...xmox.com>
To: oss-security@...ts.openwall.com
Subject: Re: review of LibVNCServer/vncterm proxmox/vncterm
 proxmox/spiceterm xenserver/vncterm qemu/ui/console.c

Hi,

Thanks for the review.

I do not know where you looked at our code, but in our official git 
repositories for vncterm[1] and spiceterm[2]

those issues are already fixed (since 2017-05-05)

i changed those variables all to unsigned int, which makes those 
increments defined behavior, and the range checks are ok, because
they cannot be negative anymore.
(it may behave strange, but you cannot trigger an out-of-bounds 
read/write anymore)
also, i replaced the vt->cy += buf code paths with calls to
vncterm_gotoxy (which as you mentioned, perform all necessary checks)

Dominik

[1]: https://git.proxmox.com/?p=vncterm.git;a=summary
[2]: https://git.proxmox.com/?p=spiceterm.git;a=summary

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.