1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
From 7240f62ddc06643f982456c05c11d8afe5422069 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 26 Mar 2019 11:11:20 +0100
Subject: [PATCH] Handle server name overflow properly
We need to make sure it is null terminated on truncation. We also
need to avoid giving a too large size argument or modern gcc will
complain.
---
vncviewer/vncviewer.cxx | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
index d7cbd6e36..4a8370b95 100644
--- a/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx
@@ -411,7 +411,8 @@ potentiallyLoadConfigurationFile(char *vncServerName)
newServerName = loadViewerParameters(vncServerName);
// This might be empty, but we still need to clear it so we
// don't try to connect to the filename
- strncpy(vncServerName, newServerName, VNCSERVERNAMELEN);
+ strncpy(vncServerName, newServerName, VNCSERVERNAMELEN-1);
+ vncServerName[VNCSERVERNAMELEN-1] = '\0';
} catch (rfb::Exception& e) {
vlog.error("%s", e.str());
if (alertOnFatalError)
@@ -541,8 +542,10 @@ int main(int argc, char** argv)
try {
const char* configServerName;
configServerName = loadViewerParameters(NULL);
- if (configServerName != NULL)
- strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN);
+ if (configServerName != NULL) {
+ strncpy(defaultServerName, configServerName, VNCSERVERNAMELEN-1);
+ defaultServerName[VNCSERVERNAMELEN-1] = '\0';
+ }
} catch (rfb::Exception& e) {
vlog.error("%s", e.str());
if (alertOnFatalError)
|
