Commit 9b422f13 authored by Albert Astals Cid

Fix uninitialized memory read when calling rfbEncryptBytes

rfbEncryptBytes calls strlen on passwd so we need to make sure there's
an empty null character at the end if the password is of MAXPWLEN size
parent bb59ce27
......@@ -217,11 +217,11 @@ bool PendingRfbClient::vncAuthCheckPassword(const QByteArray& password, const QB
return true;
}
char passwd[MAXPWLEN];
char passwd[MAXPWLEN+1]; // +1 to make sure there's a nullptr at the end
unsigned char challenge[CHALLENGESIZE];
memcpy(challenge, m_rfbClient->authChallenge, CHALLENGESIZE);
memset(passwd, 0, MAXPWLEN);
memset(passwd, 0, sizeof(passwd));
if (!password.isEmpty()) {
strncpy(passwd, password.constData(),
......
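Review bot: the strncpy call at the end of the hunk is cut off in this view, and the fix only holds if its bound stays MAXPWLEN rather than becoming sizeof(passwd). With the larger bound, a password of MAXPWLEN+1 bytes or more would fill the whole buffer and the strlen that the commit message says rfbEncryptBytes performs would again read past the end. Consider confirming the bound, or setting passwd[MAXPWLEN] = '\0' explicitly after the copy so the guarantee does not depend on the memset. Separately, the comment on the declaration says "nullptr", but what the extra byte guarantees is a terminating NUL character ('\0'), not a null pointer; something like "+1 for the terminating NUL" would be accurate.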