diff options
| author | Christian Beier <dontmind@freeshell.org> | 2018-09-29 21:10:32 +0200 |
|---|---|---|
| committer | Christian Beier <dontmind@freeshell.org> | 2018-09-29 21:10:35 +0200 |
| commit | 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 (patch) | |
| tree | 3b0b5456f2186d0c9ff146ce086784882db194e6 | |
| parent | 8b06f835e259652b0ff026898014fc7297ade858 (diff) | |
| download | libtdevnc-2f5b2ad1c6c99b1ac6482c95844a84d66bb52838.tar.gz libtdevnc-2f5b2ad1c6c99b1ac6482c95844a84d66bb52838.zip | |
LibVNCClient: don't leak uninitialised memory to remote
The pad fields of the rfbClientCutTextMsg and rfbKeyEventMsg could contain arbitray memory belonging to the process,
don't leak this to the remote.
Closes #252
| -rw-r--r-- | libvncclient/rfbproto.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c index 669e388..808ad4d 100644 --- a/libvncclient/rfbproto.c +++ b/libvncclient/rfbproto.c @@ -1643,6 +1643,7 @@ SendKeyEvent(rfbClient* client, uint32_t key, rfbBool down) if (!SupportsClient2Server(client, rfbKeyEvent)) return TRUE; + memset(&ke, 0, sizeof(ke)); ke.type = rfbKeyEvent; ke.down = down ? 1 : 0; ke.key = rfbClientSwap32IfLE(key); @@ -1661,6 +1662,7 @@ SendClientCutText(rfbClient* client, char *str, int len) if (!SupportsClient2Server(client, rfbClientCutText)) return TRUE; + memset(&cct, 0, sizeof(cct)); cct.type = rfbClientCutText; cct.length = rfbClientSwap32IfLE(len); return (WriteToRFBServer(client, (char *)&cct, sz_rfbClientCutTextMsg) && |