[vnc-reflector] Fix a one-byte buffer overflow in formatting RFB version string

Petr Pisar ppisar at fedoraproject.org
Fri Apr 6 13:07:21 UTC 2012


commit 57b67ace4a2044c3cca4c6a0f26d781e95473e10
Author: Petr Písař <ppisar at redhat.com>
Date:   Fri Apr 6 14:56:34 2012 +0200

    Fix a one-byte buffer overflow in formatting RFB version string

 ...eflector-1.2.4-rfb_format_buffer_overflow.patch |   18 ++++++++++++++++++
 vnc-reflector.spec                                 |    4 ++++
 2 files changed, 22 insertions(+), 0 deletions(-)
---
diff --git a/vnc-reflector-1.2.4-rfb_format_buffer_overflow.patch b/vnc-reflector-1.2.4-rfb_format_buffer_overflow.patch
new file mode 100644
index 0000000..70ebe71
--- /dev/null
+++ b/vnc-reflector-1.2.4-rfb_format_buffer_overflow.patch
@@ -0,0 +1,18 @@
+r192 | const_k | 2003-07-30 20:22:07 +0200 (St, 30 čec 2003) | 2 lines
+A one-byte buffer overflow has been fixed.
+
+Petr Pisar: CVS IDs removed
+
+Index: host_connect.c
+===================================================================
+--- host_connect.c	(revision 191)
++++ host_connect.c	(revision 192)
+@@ -237,7 +237,7 @@
+   char *buf = (char *)cur_slot->readbuf;
+   int major = 3, minor = 3;
+   int remote_major, remote_minor;
+-  char ver_msg[12];
++  char ver_msg[16];
+ 
+   if ( strncmp(buf, "RFB ", 4) != 0 || !isdigit(buf[4]) ||
+        !isdigit(buf[4]) || !isdigit(buf[5]) || !isdigit(buf[6]) ||
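Review bot: The widened `char ver_msg[16];` fixes the overflow only by picking a larger constant; the call that writes into the buffer lies outside this hunk, so it cannot be confirmed from here that the write is bounded. An RFB version message of the form `"RFB xxx.yyy\n"` is 12 characters and needs 13 bytes with the terminating NUL, which matches the one-byte overflow described, and a comment on the declaration such as `/* "RFB xxx.yyy\n" = 12 bytes + NUL */` would record why 12 was too small. If the message is built with an unbounded formatter, `snprintf(ver_msg, sizeof ver_msg, ...)` with a check of the return value would keep the write inside the buffer even if a version field ever formatted to more than three digits. Separately, the context lines pass plain `char` bytes from the connection's read buffer to `isdigit()`, which is undefined for negative values, so each argument should be cast, e.g. `isdigit((unsigned char)buf[4])`. They also test `buf[4]` twice, and the condition continues past the end of the hunk.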
diff --git a/vnc-reflector.spec b/vnc-reflector.spec
index d1d6229..285eb56 100644
--- a/vnc-reflector.spec
+++ b/vnc-reflector.spec
@@ -10,6 +10,8 @@ Source0:   http://dl.sf.net/vnc-reflector/vnc_reflector-%{version}.tar.gz
 # Bug #569350, submitted to upstream
 # <http://sourceforge.net/tracker/?func=detail&aid=2984246&group_id=38605&atid=422840>
 Patch0:    %{name}-1.2.4-loggingfix.patch
+# In upstream after 1.2.4 as commit r192
+Patch1:    %{name}-1.2.4-rfb_format_buffer_overflow.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: libjpeg-devel, zlib-devel 
@@ -22,6 +24,7 @@ efficiently with large number of clients.
 %prep
 %setup -q -n vnc_reflector
 %patch0 -p0 -b .logging
+%patch1 -p0 -b .rfb_format
 
 
 %build
@@ -49,6 +52,7 @@ rm -rf %{buildroot}
 %changelog
 * Fri Apr 06 2012 Petr Pisar <ppisar at redhat.com>
 - Fix a crash when running on foreground (bug #569350)
+- Fix a one-byte buffer overflow in formatting RFB version string
 
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

