mirror of
https://github.com/kasmtech/KasmVNC.git
synced 2024-11-08 17:24:13 +01:00
3282836baf
Move the checks around to avoid missing cases where we might access memory that is no longer valid. Also avoid touching the underlying stream implicitly (e.g. via the destructor) as it might also no longer be valid. A malicious server could theoretically use this for remote code execution in the client. Issue found by Pavel Cheremushkin from Kaspersky Lab |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| Exception.cxx | ||
| Exception.h | ||
| FdInStream.cxx | ||
| FdInStream.h | ||
| FdOutStream.cxx | ||
| FdOutStream.h | ||
| FileInStream.cxx | ||
| FileInStream.h | ||
| FixedMemOutStream.h | ||
| HexInStream.cxx | ||
| HexInStream.h | ||
| HexOutStream.cxx | ||
| HexOutStream.h | ||
| InStream.cxx | ||
| InStream.h | ||
| MemInStream.h | ||
| MemOutStream.h | ||
| OutStream.h | ||
| RandomStream.cxx | ||
| RandomStream.h | ||
| SubstitutingInStream.h | ||
| TLSException.cxx | ||
| TLSException.h | ||
| TLSInStream.cxx | ||
| TLSInStream.h | ||
| TLSOutStream.cxx | ||
| TLSOutStream.h | ||
| types.h | ||
| ZlibInStream.cxx | ||
| ZlibInStream.h | ||
| ZlibOutStream.cxx | ||
| ZlibOutStream.h | ||