Overview

File LibVNCServer-CVE-2018-20023.patch of Package LibVNCServer.10270

diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
index e5373bc4..669e3884 100644
--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -363,6 +363,7 @@ rfbBool ConnectToRFBRepeater(rfbClient* client,const char *repeaterHost, int rep
   rfbProtocolVersionMsg pv;
   int major,minor;
   char tmphost[250];
+  int tmphostlen;
 
 #ifdef LIBVNCSERVER_IPv6
   client->sock = ConnectClientToTcpAddr6(repeaterHost, repeaterPort);
@@ -398,8 +399,11 @@ rfbBool ConnectToRFBRepeater(rfbClient* client,const char *repeaterHost, int rep
 
   rfbClientLog("Connected to VNC repeater, using protocol version %d.%d\n", major, minor);
 
-  snprintf(tmphost, sizeof(tmphost), "%s:%d", destHost, destPort);
-  if (!WriteToRFBServer(client, tmphost, sizeof(tmphost)))
+  tmphostlen = snprintf(tmphost, sizeof(tmphost), "%s:%d", destHost, destPort);
+  if(tmphostlen < 0 || tmphostlen >= (int)sizeof(tmphost))
+    return FALSE; /* snprintf error or output truncated */
+
+  if (!WriteToRFBServer(client, tmphost, tmphostlen + 1))
     return FALSE;
 
   return TRUE;
openSUSE Build Service is sponsored by
Places