From 8b975878c2343a367d6b6dea322d747d1c9ef801 Mon Sep 17 00:00:00 2001
From: Nick Bolton <nick@synergy-project.org>
Date: Tue, 26 May 2015 15:04:04 +0100
Subject: [PATCH] Limited clipboard size to 1kb when SSL is enabled #4601

@XinyuHou I had no choice but to block clipboard data over 1kb in
size... anything over that and you get an access violation.
---
 src/lib/server/ClientListener.h   |  3 +++
 src/lib/server/ClientProxy1_6.cpp | 17 +++++++++++++++--
 src/lib/server/Server.cpp         |  6 ++++++
 src/lib/server/Server.h           |  3 +++
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/lib/server/ClientListener.h b/src/lib/server/ClientListener.h
index c0b35ab3..70ecb2eb 100644
--- a/src/lib/server/ClientListener.h
+++ b/src/lib/server/ClientListener.h
@@ -64,6 +64,9 @@ public:
 	//! Get server which owns this listener
 	Server*				getServer() { return m_server; }
 
+	//! Return true if using secure network connection
+	bool				isSecure() { return m_useSecureNetwork; }
+
 	//@}
 
 private:
diff --git a/src/lib/server/ClientProxy1_6.cpp b/src/lib/server/ClientProxy1_6.cpp
index 8b429cca..a27e8ce6 100644
--- a/src/lib/server/ClientProxy1_6.cpp
+++ b/src/lib/server/ClientProxy1_6.cpp
@@ -29,6 +29,11 @@
 // ClientProxy1_6
 //
 
+enum
+{
+	kSslClipboardMaxSize = 1024
+};
+
 ClientProxy1_6::ClientProxy1_6(const String& name, synergy::IStream* stream, Server* server, IEventQueue* events) :
 	ClientProxy1_5(name, stream, server, events),
 	m_events(events)
@@ -57,9 +62,17 @@ ClientProxy1_6::setClipboard(ClipboardID id, const IClipboard* clipboard)
 		size_t size = data.size();
 		LOG((CLOG_DEBUG "sending clipboard %d to \"%s\"", id, getName().c_str()));
 
-		StreamChunker::sendClipboard(data, size, id, 0, m_events, this);
+		// HACK: if using SSL, don't send large clipboards (#4601)
+		bool send = true;
+		if (getServer()->isSecure() && (size > kSslClipboardMaxSize)) {
+			send = false;
+			LOG((CLOG_WARN "large clipboards not supported with ssl, size=%d", size));
+		}
 
-		LOG((CLOG_DEBUG "sent clipboard size=%d", size));
+		if (send) {
+			StreamChunker::sendClipboard(data, size, id, 0, m_events, this);
+			LOG((CLOG_DEBUG "sent clipboard size=%d", size));
+		}
 	}
 }
 
diff --git a/src/lib/server/Server.cpp b/src/lib/server/Server.cpp
index 832a03b0..8b7c4afd 100644
--- a/src/lib/server/Server.cpp
+++ b/src/lib/server/Server.cpp
@@ -2389,3 +2389,9 @@ Server::dragInfoReceived(UInt32 fileNum, String content)
 
 	m_screen->startDraggingFiles(m_dragFileList);
 }
+
+bool
+Server::isSecure() const
+{
+	return m_clientListener->isSecure();
+}
diff --git a/src/lib/server/Server.h b/src/lib/server/Server.h
index d85a113d..63551efa 100644
--- a/src/lib/server/Server.h
+++ b/src/lib/server/Server.h
@@ -175,6 +175,9 @@ public:
 	//! Return received file data
 	String&				getReceivedFileData() { return m_receivedFileData; }
 
+	//! Return true if using secure network connection
+	bool				isSecure() const;
+
 	//@}
 
 private: