summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Beier <[email protected]>2018-09-29 21:10:32 +0200
committerSlávek Banko <[email protected]>2019-03-03 16:04:38 +0100
commit2554b84b8b34676ea4c1a08a808bfe523df16cf2 (patch)
tree2d3530764cb5dbcd3cde48e5770e93e152fa02a0
parent90147500e0bad40ed39e5c978c523fad7a5f5f9f (diff)
downloadtdenetwork-2554b84b8b34676ea4c1a08a808bfe523df16cf2.tar.gz
tdenetwork-2554b84b8b34676ea4c1a08a808bfe523df16cf2.zip
LibVNCClient: don't leak uninitialised memory to remote
The pad fields of the rfbClientCutTextMsg and rfbKeyEventMsg could contain arbitray memory belonging to the process, don't leak this to the remote. Closes #252 (cherry picked from commit 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838)
-rw-r--r--krdc/vnc/rfbproto.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/krdc/vnc/rfbproto.c b/krdc/vnc/rfbproto.c
index a178ed6f..d616d298 100644
--- a/krdc/vnc/rfbproto.c
+++ b/krdc/vnc/rfbproto.c
@@ -501,6 +501,7 @@ SendKeyEvent(CARD32 key, Bool down)
{
rfbKeyEventMsg ke;
+ memset(&ke, 0, sizeof(ke));
ke.type = rfbKeyEvent;
ke.down = down ? 1 : 0;
ke.key = Swap32IfLE(key);
@@ -518,6 +519,7 @@ SendClientCutText(const char *str, int len)
{
rfbClientCutTextMsg cct;
+ memset(&cct, 0, sizeof(cct));
cct.type = rfbClientCutText;
cct.length = Swap32IfLE((unsigned int)len);
return (WriteExact(rfbsock, (char *)&cct, sz_rfbClientCutTextMsg) &&