qemu-e2k/ui
Daniel P. Berrange 2cdb5e142f CVE-2015-1779: limit size of HTTP headers from websockets clients
The VNC server websockets decoder will read and buffer data from
websockets clients until it sees the end of the HTTP headers,
as indicated by \r\n\r\n. In theory this allows a malicious to
trick QEMU into consuming an arbitrary amount of RAM. In practice,
because QEMU runs g_strstr_len() across the buffered header data,
it will spend increasingly long burning CPU time searching for
the substring match and less & less time reading data. So while
this does cause arbitrary memory growth, the bigger problem is
that QEMU will be burning 100% of available CPU time.

A novnc websockets client typically sends headers of around
512 bytes in length. As such it is reasonable to place a 4096
byte limit on the amount of data buffered while searching for
the end of HTTP headers.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2015-04-01 17:12:55 +02:00
..
cocoa.m
console.c ui/console: fix OVERFLOW_BEFORE_WIDEN 2015-03-12 08:22:12 +01:00
curses_keys.h
curses.c
cursor_hidden.xpm
cursor_left_ptr.xpm
cursor.c
d3des.c ui: Removed unused functions 2015-03-10 08:15:33 +03:00
d3des.h ui: Removed unused functions 2015-03-10 08:15:33 +03:00
gtk.c gtk: do not call gtk_widget_get_window if drawing area is not initialized 2015-03-26 17:58:12 +01:00
input-keymap.c
input-legacy.c ui: Removed unused functions 2015-03-10 08:15:33 +03:00
input.c hmp: Name HMP command handler functions hmp_COMMAND() 2015-02-18 11:58:30 +01:00
keymaps.c
keymaps.h
Makefile.objs
qemu-pixman.c
qemu-x509.h
sdl2-2d.c
sdl2-input.c
sdl2-keymap.h
sdl2.c
sdl_keysym.h
sdl_zoom_template.h
sdl_zoom.c
sdl_zoom.h
sdl.c sdl: Fix crash when calling sdl_switch() with NULL surface 2015-03-12 12:54:23 +01:00
spice-core.c spice: add unix address support 2015-01-22 11:18:41 +01:00
spice-display.c spice: fix coverity reported defect in display code 2015-01-22 11:18:41 +01:00
spice-input.c
vgafont.h
vnc_keysym.h qemu-char: add cyrillic characters 'numerosign' to VNC keysyms 2015-03-10 08:15:34 +03:00
vnc-auth-sasl.c vnc: drop display+ws_display from VncDisplay 2015-03-12 08:22:07 +01:00
vnc-auth-sasl.h
vnc-auth-vencrypt.c ui: remove unused 'wiremode' variable in VncState struct 2015-03-18 09:25:13 +01:00
vnc-auth-vencrypt.h
vnc-enc-hextile-template.h
vnc-enc-hextile.c
vnc-enc-tight.c
vnc-enc-tight.h
vnc-enc-zlib.c
vnc-enc-zrle-template.c
vnc-enc-zrle.c
vnc-enc-zrle.h
vnc-enc-zywrle-template.c
vnc-enc-zywrle.h
vnc-jobs.c ui/vnc: Remove vnc_stop_worker_thread() 2015-03-10 08:15:33 +03:00
vnc-jobs.h ui/vnc: Remove vnc_stop_worker_thread() 2015-03-10 08:15:33 +03:00
vnc-palette.c
vnc-palette.h
vnc-tls.c ui: remove separate gnutls_session for websockets server 2015-03-18 09:25:14 +01:00
vnc-tls.h ui: remove unused 'wiremode' variable in VncState struct 2015-03-18 09:25:13 +01:00
vnc-ws.c CVE-2015-1779: limit size of HTTP headers from websockets clients 2015-04-01 17:12:55 +02:00
vnc-ws.h CVE-2015-1779: incrementally decode websocket frames 2015-04-01 17:11:34 +02:00
vnc.c ui: remove separate gnutls_session for websockets server 2015-03-18 09:25:14 +01:00
vnc.h CVE-2015-1779: incrementally decode websocket frames 2015-04-01 17:11:34 +02:00
x_keymap.c
x_keymap.h