rpms / libvncserver

Clone
Source Code
GIT

Blame SOURCES/libvncserver-0.9.11-CVE-2019-20839.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   80465dff1d67845eefa4e3941ac2da617d6b6f5a
  2.   SOURCES
  3.   libvncserver-0.9.11-CVE-2019-20839.patch
Blob History Raw
80465d 
From 3fd03977c9b35800d73a865f167338cb4d05b0c1 Mon Sep 17 00:00:00 2001
80465d 
From: Christian Beier <dontmind@freeshell.org>
80465d 
Date: Sat, 6 Apr 2019 20:23:12 +0200
80465d 
Subject: [PATCH] libvncclient: bail out if unix socket name would overflow
80465d
80465d 
Closes #291
80465d 
---
80465d 
 libvncclient/sockets.c | 4 ++++
80465d 
 1 file changed, 4 insertions(+)
80465d
80465d 
diff --git a/libvncclient/sockets.c b/libvncclient/sockets.c
80465d 
index f042472f..821f85ca 100644
80465d 
--- a/libvncclient/sockets.c
80465d 
+++ b/libvncclient/sockets.c
80465d 
@@ -461,6 +461,10 @@ ConnectClientToUnixSock(const char *sockFile)
80465d 
   int sock;
80465d 
   struct sockaddr_un addr;
80465d 
   addr.sun_family = AF_UNIX;
80465d 
+  if(strlen(sockFile) + 1 > sizeof(addr.sun_path)) {
80465d 
+      rfbClientErr("ConnectToUnixSock: socket file name too long\n");
80465d 
+      return -1;
80465d 
+  }
80465d 
   strcpy(addr.sun_path, sockFile);
80465d
80465d 
   sock = socket(AF_UNIX, SOCK_STREAM, 0);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation