Overview

File filetransfer-overflow.diff of Package LibVNCServer

Index: LibVNCServer-0.9.1/libvncserver/tightvnc-filetransfer/filetransfermsg.c
===================================================================
--- LibVNCServer-0.9.1.orig/libvncserver/tightvnc-filetransfer/filetransfermsg.c
+++ LibVNCServer-0.9.1/libvncserver/tightvnc-filetransfer/filetransfermsg.c
@@ -392,9 +392,9 @@ CreateFileDownloadErrMsg(char* reason, u
 FileTransferMsg
 CreateFileDownloadZeroSizeDataMsg(unsigned long mTime)
 {
 	FileTransferMsg fileDownloadZeroSizeDataMsg;
-	int length = sz_rfbFileDownloadDataMsg + sizeof(int);
+	int length = sz_rfbFileDownloadDataMsg + sizeof(long);
 	rfbFileDownloadDataMsg *pFDD = NULL;
 	char *pFollow = NULL;
 	
 	char *pData = (char*) calloc(length, sizeof(char));
openSUSE Build Service is sponsored by
Places