Group :: Rede/Acesso Remoto
RPM: tigervnc
Navegação
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
Patch: FC-passwd-crash-with-malloc-checks.patch
Download
Download
From 5d834359bef6727df82cf4f2c2f3f255145f7785 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich@redhat.com>
Date: Tue, 25 May 2021 14:18:48 +0200
Subject: [PATCH] CharArray: pre-fill empty array with zeroes
CharArray should always be null-terminated. There is a potential
scenario where this all might lead to crash. In Password we call
memset(), passing length of the array we get with strlen(), but
this won't return correct value when the array is not properly
null-terminated.
---
common/rfb/util.h | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/common/rfb/util.h b/common/rfb/util.h
index 3100f90fd..71caac426 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -52,14 +52,17 @@ namespace rfb { CharArray(char* str) : buf(str) {} // note: assumes ownership CharArray(size_t len) {buf = new char[len]();
+ memset(buf, 0, len);
}
~CharArray() {- delete [] buf;
+ if (buf) {+ delete [] buf;
+ }
}
void format(const char *fmt, ...) __printf_attr(2, 3);
// Get the buffer pointer & clear it (i.e. caller takes ownership)
char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}- void replaceBuf(char* b) {delete [] buf; buf = b;}+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}char* buf;
private:
CharArray(const CharArray&);