unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
blob e328d87920dc5896116d5288062e9f7338825e18 865 bytes (raw)
name: gnu/packages/patches/libvnc-CVE-2019-15681.patch 	 # note: path name is non-authoritative(*)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
From: Christian Beier <dontmind@freeshell.org>
Date: Mon, 19 Aug 2019 22:32:25 +0200
Subject: [PATCH] rfbserver: don't leak stack memory to the remote

Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
---
 libvncserver/rfbserver.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
index 3bacc891..310e5487 100644
--- a/libvncserver/rfbserver.c
+++ b/libvncserver/rfbserver.c
@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
     rfbServerCutTextMsg sct;
     rfbClientIteratorPtr iterator;
 
+    memset((char *)&sct, 0, sizeof(sct));
+
     iterator = rfbGetClientIterator(rfbScreen);
     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
         sct.type = rfbServerCutText;

debug log:

solving e328d87920 ...
found e328d87920 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).