1 files changed, 39 insertions, 0 deletions

diff --git a/user/tigervnc/null-termination.patch b/user/tigervnc/null-termination.patch
new file mode 100644
index 000000000..e80a4f62d
--- /dev/null
+++ b/user/tigervnc/null-termination.patch
@@ -0,0 +1,39 @@
+From 7240f62ddc06643f982456c05c11d8afe5422069 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <ossman@cendio.se>
+Date: Tue, 26 Mar 2019 11:11:20 +0100
+Subject: [PATCH] Handle server name overflow properly
+
+We need to make sure it is null terminated on truncation. We also
+need to avoid giving a too large size argument or modern gcc will
+complain.
+---
+ vncviewer/vncviewer.cxx | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
+index d7cbd6e36..4a8370b95 100644
+--- a/vncviewer/vncviewer.cxx
++++ b/vncviewer/vncviewer.cxx
+@@ -411,7 +411,8 @@ potentiallyLoadConfigurationFile(char *vncServerName)
+       newServerName = loadViewerParameters(vncServerName);
+       // This might be empty, but we still need to clear it so we
+       // don't try to connect to the filename
+-      strncpy(vncServerName, newServerName, VNCSERVERNAMELEN);
++      strncpy(vncServerName, newServerName, VNCSERVERNAMELEN-1);
++      vncServerName[VNCSERVERNAMELEN-1] = '\0';
+     } catch (rfb::Exception& e) {
+       vlog.error("%s", e.str());
+       if (alertOnFatalError)
+@@ -541,8 +542,10 @@ int main(int argc, char** argv)
+   try {
+     const char* configServerName;
+     configServerName = loadViewerParameters(NULL);
+-    if (configServerName != NULL)
+-      strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN);
++    if (configServerName != NULL) {
++      strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN-1);
++      defaultServerName[VNCSERVERNAMELEN-1] = '\0';
++    }
+   } catch (rfb::Exception& e) {
+     vlog.error("%s", e.str());
+     if (alertOnFatalError)