Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/guacamole-server/pull/156#discussion_r170825324
--- Diff: src/terminal/terminal.c ---
@@ -1594,7 +1599,7 @@ static int __guac_terminal_send_key(guac_terminal*
term, int keysym, int pressed
/* Non-printable keys */
else {
- if (keysym == 0xFF08) return guac_terminal_send_string(term,
"\x7F"); /* Backspace */
+ if (keysym == 0xFF08) return guac_terminal_send_string(term,
&term->backspace); /* Backspace */
--- End diff --
`guac_terminal_send_string()` requires a null-terminated string. As
`&term->backspace` is a pointer to a single character, there is no guarantee of
null terminator, and this may read without bound, resulting in connection
closure or dumping of memory data to the remote terminal.
---
