summary refs log tree commit diff
path: root/gnu/packages/patches/libvnc-CVE-2019-15681.patch
diff options
context:
space:
mode:
authorHartmut Goebel <h.goebel@crazy-compilers.com>2020-01-20 23:43:18 +0100
committerHartmut Goebel <h.goebel@crazy-compilers.com>2020-01-22 12:43:49 +0100
commita789f654a0f370720b2c6b7856b9971dcc1d5eb1 (patch)
tree1ff81707588fcaab485ea1acb003e4a6fc9237bf /gnu/packages/patches/libvnc-CVE-2019-15681.patch
parent94c7ef932a5857020c2a5349ff1970b1809a080e (diff)
downloadguix-a789f654a0f370720b2c6b7856b9971dcc1d5eb1.tar.gz
gnu: Add libvnc.
* gnu/packages/vnc.scm (libvnc): New variable.
  gnu/packages/patches/libvnc-CVE-2018-20750.patch,
  gnu/packages/patches/libvnc-CVE-2019-15681.patch: New files.
* gnu/local.mk: Add them.
Diffstat (limited to 'gnu/packages/patches/libvnc-CVE-2019-15681.patch')
-rw-r--r--gnu/packages/patches/libvnc-CVE-2019-15681.patch23
1 files changed, 23 insertions, 0 deletions
diff --git a/gnu/packages/patches/libvnc-CVE-2019-15681.patch b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
new file mode 100644
index 0000000000..e328d87920
--- /dev/null
+++ b/gnu/packages/patches/libvnc-CVE-2019-15681.patch
@@ -0,0 +1,23 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+---
+ libvncserver/rfbserver.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libvncserver/rfbserver.c b/libvncserver/rfbserver.c
+index 3bacc891..310e5487 100644
+--- a/libvncserver/rfbserver.c
++++ b/libvncserver/rfbserver.c
+@@ -3724,6 +3724,8 @@ rfbSendServerCutText(rfbScreenInfoPtr rfbScreen,char *str, int len)
+     rfbServerCutTextMsg sct;
+     rfbClientIteratorPtr iterator;
+ 
++    memset((char *)&sct, 0, sizeof(sct));
++
+     iterator = rfbGetClientIterator(rfbScreen);
+     while ((cl = rfbClientIteratorNext(iterator)) != NULL) {
+         sct.type = rfbServerCutText;