Fix stack-based buffer overflow

There was a possible buffer overflow in rfbFileTransferOffer message when
processing the FileTime.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
pull/1/head
Nicolas Ruff 10 years ago committed by Johannes Schindelin
parent 7e9ce73b5d
commit c18fa98b1f

@ -1770,7 +1770,8 @@ rfbBool rfbProcessFileTransfer(rfbClientPtr cl, uint8_t contentType, uint8_t con
p = strrchr(buffer, ',');
if (p!=NULL) {
*p = '\0';
strcpy(szFileTime, p+1);
strncpy(szFileTime, p+1, sizeof(szFileTime));
szFileTime[sizeof(szFileTime)-1] = '\x00'; /* ensure NULL terminating byte is present, even if copy overflowed */
} else
szFileTime[0]=0;

Loading…
Cancel
Save