[vnc-reflector] Fix a one-byte buffer overflow in formatting RFB version string
Petr Pisar
ppisar at fedoraproject.org
Fri Apr 6 13:07:21 UTC 2012
commit 57b67ace4a2044c3cca4c6a0f26d781e95473e10
Author: Petr Písař <ppisar at redhat.com>
Date: Fri Apr 6 14:56:34 2012 +0200
Fix a one-byte buffer overflow in formatting RFB version string
...eflector-1.2.4-rfb_format_buffer_overflow.patch | 18 ++++++++++++++++++
vnc-reflector.spec | 4 ++++
2 files changed, 22 insertions(+), 0 deletions(-)
---
diff --git a/vnc-reflector-1.2.4-rfb_format_buffer_overflow.patch b/vnc-reflector-1.2.4-rfb_format_buffer_overflow.patch
new file mode 100644
index 0000000..70ebe71
--- /dev/null
+++ b/vnc-reflector-1.2.4-rfb_format_buffer_overflow.patch
@@ -0,0 +1,18 @@
+r192 | const_k | 2003-07-30 20:22:07 +0200 (St, 30 čec 2003) | 2 lines
+A one-byte buffer overflow has been fixed.
+
+Petr Pisar: CVS IDs removed
+
+Index: host_connect.c
+===================================================================
+--- host_connect.c (revision 191)
++++ host_connect.c (revision 192)
+@@ -237,7 +237,7 @@
+ char *buf = (char *)cur_slot->readbuf;
+ int major = 3, minor = 3;
+ int remote_major, remote_minor;
+- char ver_msg[12];
++ char ver_msg[16];
+
+ if ( strncmp(buf, "RFB ", 4) != 0 || !isdigit(buf[4]) ||
+ !isdigit(buf[4]) || !isdigit(buf[5]) || !isdigit(buf[6]) ||
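Review bot: The new `char ver_msg[16];` fixes the overflow only by choosing a larger magic size, and the call that formats into it is outside the hunk, so nothing visible ties the write to the buffer length. An RFB version message is 12 bytes and needs 13 with the terminating NUL, so 16 is sufficient only while both version numbers print as exactly three digits. If the buffer is filled with an unbounded `sprintf`, bound it with `snprintf(ver_msg, sizeof ver_msg, ...)` using the existing format and arguments, and document the size on the declaration with a comment such as `/* 12-byte RFB version message + NUL */`. In the context lines, `isdigit(buf[4])` is tested twice and receives a plain `char` from the read buffer; casting each argument to `unsigned char` avoids undefined behaviour for bytes above 0x7f.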
diff --git a/vnc-reflector.spec b/vnc-reflector.spec
index d1d6229..285eb56 100644
--- a/vnc-reflector.spec
+++ b/vnc-reflector.spec
@@ -10,6 +10,8 @@ Source0: http://dl.sf.net/vnc-reflector/vnc_reflector-%{version}.tar.gz
# Bug #569350, submitted to upstream
# <http://sourceforge.net/tracker/?func=detail&aid=2984246&group_id=38605&atid=422840>
Patch0: %{name}-1.2.4-loggingfix.patch
+# In upstream after 1.2.4 as commit r192
+Patch1: %{name}-1.2.4-rfb_format_buffer_overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libjpeg-devel, zlib-devel
@@ -22,6 +24,7 @@ efficiently with large number of clients.
%prep
%setup -q -n vnc_reflector
%patch0 -p0 -b .logging
+%patch1 -p0 -b .rfb_format
%build
@@ -49,6 +52,7 @@ rm -rf %{buildroot}
%changelog
* Fri Apr 06 2012 Petr Pisar <ppisar at redhat.com>
- Fix a crash when running on foreground (bug #569350)
+- Fix a one-byte buffer overflow in formatting RFB version string
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild