author | Max Rees <maxcrees@me.com> | 2020-03-18 15:23:00 -0500 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2020-03-19 22:21:25 -0500 |
commit | 9c855993eb92e8d569e35698fb4f632e2e4de52c (patch) | |
tree | 9581221c8cba97f70301d9b7db416bb215ec14cc /user/libvncserver/CVE-2019-15681.patch | |
parent | 91d7404926e640ca6663b2865ee3e125a4adead2 (diff) | |
user/libvncserver: patch CVE-2019-15681 and CVE-2019-15690
Diffstat (limited to 'user/libvncserver/CVE-2019-15681.patch')
-rw-r--r-- | user/libvncserver/CVE-2019-15681.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/user/libvncserver/CVE-2019-15681.patch b/user/libvncserver/CVE-2019-15681.patch
new file mode 100644
index 000000000..e328d8792
--- /dev/null
+++ b/user/libvncserver/CVE-2019-15681.patch
@@ -0,0 +1,23 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+---
+ libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 3bacc891..310e5487 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
+ rfbServerCutTextMsg sct;
+ rfbClientIteratorPtr iterator;
+
++ memset((char *)&sct, 0, sizeof(sct));
++
+ iterator = rfbGetClientIterator(rfbScreen);
+ while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+ sct.type = rfbServerCutText; |
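Review bot: The added `memset((char *)&sct, 0, sizeof(sct));` in rfbSendServerCutText carries no comment, so only the patch subject records that the zeroing exists to keep uninitialised stack bytes of `sct` away from the remote side. A one-line comment above it, such as `/* clear sct, padding included, so no stack bytes reach the client */`, would keep a later cleanup from dropping the call as redundant. The `(char *)` cast is not needed, since memset takes a `void *`. The function body starts and ends outside the hunk, so the write of `sct` to each client is presumed rather than visible here. Because this file backports upstream commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, the comment is probably better proposed upstream than edited into the packaged patch.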