Blame SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch
|
 |
3ab0c7 |
diff --git a/common/rfb/Password.cxx b/common/rfb/Password.cxx
|
|
|
3ab0c7 |
index e4a508c..f555c57 100644
|
|
|
3ab0c7 |
--- a/common/rfb/Password.cxx
|
|
|
3ab0c7 |
+++ b/common/rfb/Password.cxx
|
|
|
3ab0c7 |
@@ -55,7 +55,7 @@ PlainPasswd::~PlainPasswd() {
|
|
|
3ab0c7 |
|
|
|
3ab0c7 |
void PlainPasswd::replaceBuf(char* b) {
|
|
|
3ab0c7 |
if (buf)
|
|
|
3ab0c7 |
- memset(buf, 0, strlen(buf));
|
|
|
3ab0c7 |
+ memset(buf, 0, length ? length : strlen(buf));
|
|
|
3ab0c7 |
CharArray::replaceBuf(b);
|
|
|
3ab0c7 |
}
|
|
|
3ab0c7 |
|
|
|
8aca67 |
diff --git a/common/rfb/util.h b/common/rfb/util.h
|
|
|
3ab0c7 |
index 3100f90..764692a 100644
|
|
|
8aca67 |
--- a/common/rfb/util.h
|
|
|
8aca67 |
+++ b/common/rfb/util.h
|
|
|
3ab0c7 |
@@ -51,16 +51,21 @@ namespace rfb {
|
|
|
8aca67 |
CharArray() : buf(0) {}
|
|
|
8aca67 |
CharArray(char* str) : buf(str) {} // note: assumes ownership
|
|
|
3ab0c7 |
CharArray(size_t len) {
|
|
|
3ab0c7 |
+ length = len;
|
|
|
3ab0c7 |
buf = new char[len]();
|
|
|
8aca67 |
}
|
|
|
8aca67 |
~CharArray() {
|
|
|
3ab0c7 |
- delete [] buf;
|
|
|
3ab0c7 |
+ if (buf) {
|
|
|
3ab0c7 |
+ delete [] buf;
|
|
|
3ab0c7 |
+ buf = nullptr;
|
|
|
3ab0c7 |
+ }
|
|
|
3ab0c7 |
}
|
|
|
3ab0c7 |
void format(const char *fmt, ...) __printf_attr(2, 3);
|
|
|
3ab0c7 |
// Get the buffer pointer & clear it (i.e. caller takes ownership)
|
|
|
3ab0c7 |
char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
|
|
|
3ab0c7 |
- void replaceBuf(char* b) {delete [] buf; buf = b;}
|
|
|
3ab0c7 |
+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
|
|
|
3ab0c7 |
char* buf;
|
|
|
3ab0c7 |
+ size_t length = 0;
|
|
|
3ab0c7 |
private:
|
|
|
3ab0c7 |
CharArray(const CharArray&);
|
|
|
3ab0c7 |
CharArray& operator=(const CharArray&);
|