From 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 Mon Sep 17 00:00:00 2001
From: Christian Beier
Date: Sat, 29 Sep 2018 21:10:32 +0200
Subject: [PATCH] LibVNCClient: don't leak uninitialised memory to remote

The pad fields of the rfbClientCutTextMsg and rfbKeyEventMsg could contain arbitray memory belonging to the process, don't leak this to the remote.
Closes #252
---
 libvncclient/rfbproto.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
index 669e388..808ad4d 100644
--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -1643,6 +1643,7 @@ SendKeyEvent(rfbClient* client, uint32_t key, rfbBool down)
 if (!SupportsClient2Server(client, rfbKeyEvent)) return TRUE;
+ memset(&ke, 0, sizeof(ke));
 ke.type = rfbKeyEvent;
 ke.down = down ? 1 : 0;
 ke.key = rfbClientSwap32IfLE(key);
@@ -1661,6 +1662,7 @@ SendClientCutText(rfbClient* client, char *str, int len)
 if (!SupportsClient2Server(client, rfbClientCutText)) return TRUE;
+ memset(&cct, 0, sizeof(cct));
 cct.type = rfbClientCutText;
 cct.length = rfbClientSwap32IfLE(len);
 return (WriteToRFBServer(client, (char *)&cct, sz_rfbClientCutTextMsg) &&
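Review bot: The added `memset(&ke, 0, sizeof(ke));` in SendKeyEvent carries no comment saying why it is there, and because every named non-pad field is assigned on the lines right after it, it reads as redundant and could be dropped in a later cleanup. I would put `/* zero the pad bytes too: the whole message struct is sent to the server */` above it, and the same comment above `memset(&cct, 0, sizeof(cct));` in SendClientCutText. The declaration of `ke` and the write call are outside the hunk, so that the struct goes onto the wire as raw bytes is taken from the commit message. Other client-to-server message structs with pad fields are not visible in this diff; if they are filled field by field in the same way they would need the same zeroing.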
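Review bot: In SendClientCutText, `len` is a signed `int` and goes unchecked into `cct.length = rfbClientSwap32IfLE(len);`, so a negative value from a caller would be announced to the server as a very large length. A guard ahead of the new memset, `if (len < 0) return FALSE;`, would reject it before anything is written. The second operand of the `&&` in the return statement is outside the hunk, so whether `len` is also used as the byte count for writing `str` cannot be seen here and is worth checking together with this.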