Package: xvnc4viewer
Version: 4.1.1+X4.3.0-30
Severity: normal
Tags: patch

When reading server host and number from stdin, xvnc4viewer does not check
whether anything was entered at all.  When the user just presses C-d or
fgets() sees End-Of-File for some other reason, it will leave the buffer it
should read the line into uninitialized, which means that getHostAndPort() is
called with an uninitialized string which can't be good.

Also, if the user somehow gives a line without trailing newline to xvnc4viewer
when it reads server host and number, xvnc4viewer will chop off the last
character of the server specification.  So let's check whether the last
character actually is '\n' first.

Bye,
Jö.


======================================================================
diff -ru vnc4-4.1.1+X4.3.0_orig/unix/vncviewer/CConn.cxx 
vnc4-4.1.1+X4.3.0/unix/vncviewer/CConn.cxx
--- vnc4-4.1.1+X4.3.0_orig/unix/vncviewer/CConn.cxx     2008-12-27 
22:32:48.000000000 +0100
+++ vnc4-4.1.1+X4.3.0/unix/vncviewer/CConn.cxx  2008-12-27 22:28:37.000000000 
+0100
@@ -93,9 +93,15 @@
         /* Get server */
         fprintf(stderr, "Server: ");
         vncServerName = new char[128];
-        fgets(vncServerName, 128, stdin);
-       /* remove \n at the end */
-       vncServerName[strlen(vncServerName)-1] = '\0';
+        if(fgets(vncServerName, 128, stdin)) {
+          size_t len = strlen(vncServerName);
+          /* remove \n at the end */
+          if(vncServerName[len-1] == '\n')
+            vncServerName[len-1] = '\0';
+        } else {
+          /* fgets failed, probably eof -- assume empty string as input */
+          vncServerName[0] = '\0';
+        }
         getHostAndPort(vncServerName, &serverHost, &serverPort);
       } else {
         ServerDialog dlg(dpy, &options, &about);
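Review bot: the new `if(vncServerName[len-1] == '\n')` test still indexes out of bounds when `len` is 0. fgets() can return non-NULL with an empty string if the first byte read from stdin is a NUL byte, and in that case `len-1` wraps around as a `size_t` and the read (and potential write) lands outside the 128-byte buffer. Guarding the check as `if(len > 0 && vncServerName[len-1] == '\n')` closes that case. Separately, the else branch now passes an empty string to getHostAndPort(); the hunk does not show how that function treats empty input, so it is worth confirming it fails cleanly rather than connecting to a default host silently.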
======================================================================


-- System Information:
Debian Release: 5.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xvnc4viewer depends on:
ii  libc6                  2.7-16            GNU C Library: Shared libraries
ii  libgcc1                1:4.3.2-1         GCC support library
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libsm6                 2:1.0.3-2         X11 Session Management library
ii  libstdc++6             4.3.2-1           The GNU Standard C++ Library v3
ii  libx11-6               2:1.1.5-2         X11 client-side library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

xvnc4viewer recommends no packages.

xvnc4viewer suggests no packages.

-- no debconf information

-- 
Computers are like air conditioners.  Both stop working, if you open
windows.
-- Adam Heath
