File LibVNCServer-CVE-2019-20839.patch of Package LibVNCServer.25862
Index: libvncserver-LibVNCServer-0.9.10/libvncclient/sockets.c
===================================================================
--- libvncserver-LibVNCServer-0.9.10.orig/libvncclient/sockets.c 2020-07-09 10:09:48.643818055 +0200
+++ libvncserver-LibVNCServer-0.9.10/libvncclient/sockets.c 2020-07-09 10:10:03.475905720 +0200
@@ -427,6 +427,10 @@ ConnectClientToUnixSock(const char *sock
int sock;
struct sockaddr_un addr;
addr.sun_family = AF_UNIX;
+ if(strlen(sockFile) + 1 > sizeof(addr.sun_path)) {
+ rfbClientErr("ConnectToUnixSock: socket file name too long\n");
+ return -1;
+ }
strcpy(addr.sun_path, sockFile);
sock = socket(AF_UNIX, SOCK_STREAM, 0);