Your message dated Sun, 21 Feb 2010 11:33:00 +0000
with message-id <[email protected]>
and subject line Bug#509949: fixed in vnc4 4.1.1+X4.3.0-36
has caused the Debian Bug report #509949,
regarding use of uninitilized memory in unix/vncviewer/CConn.cxx
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
509949: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509949
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xvnc4viewer
Version: 4.1.1+X4.3.0-30
Severity: normal
Tags: patch

When reading server host and number from stdin, xvnc4viewer does not check
whether anything was entered at all.  When the user just presses C-d or
fgets() sees End-Of-File for some other reason, it will leave the buffer it
should read the line into uninitialized, which means that getHostAndPort() is
called with an uninitialized string which can't be good.

Also, if the user somehow gives a line without trailing newline to xvnc4viewer
when it reads server host and number, xvnc4viewer will chop off the last
character of the server specification.  So let's check whether the last
character actually is '\n' first.

Bye,
Jö.


======================================================================
diff -ru vnc4-4.1.1+X4.3.0_orig/unix/vncviewer/CConn.cxx 
vnc4-4.1.1+X4.3.0/unix/vncviewer/CConn.cxx
--- vnc4-4.1.1+X4.3.0_orig/unix/vncviewer/CConn.cxx     2008-12-27 
22:32:48.000000000 +0100
+++ vnc4-4.1.1+X4.3.0/unix/vncviewer/CConn.cxx  2008-12-27 22:28:37.000000000 
+0100
@@ -93,9 +93,15 @@
         /* Get server */
         fprintf(stderr, "Server: ");
         vncServerName = new char[128];
-        fgets(vncServerName, 128, stdin);
-       /* remove \n at the end */
-       vncServerName[strlen(vncServerName)-1] = '\0';
+        if(fgets(vncServerName, 128, stdin)) {
+          size_t len = strlen(vncServerName);
+          /* remove \n at the end */
+          if(vncServerName[len-1] == '\n')
+            vncServerName[len-1] = '\0';
+        } else {
+          /* fgets failed, probably eof -- assume empty string as input */
+          vncServerName[0] = '\0';
+        }
         getHostAndPort(vncServerName, &serverHost, &serverPort);
       } else {
         ServerDialog dlg(dpy, &options, &about);
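Review bot: In the new fgets() success branch, vncServerName[len-1] is read without first checking that len is non-zero. fgets() can return non-NULL while strlen() returns 0 (for example when the first byte read from stdin is a NUL), and since len is a size_t, len-1 then wraps around and the comparison reads far outside the 128-byte buffer. Suggest "if(len > 0 && vncServerName[len-1] == '\n')". Separately, a line of 127 or more characters is still cut silently and its remainder stays on stdin for the next read; a comment saying so, or rejecting the input when no '\n' was seen and the buffer is full, would make that behaviour explicit.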
======================================================================


-- System Information:
Debian Release: 5.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xvnc4viewer depends on:
ii  libc6                  2.7-16            GNU C Library: Shared libraries
ii  libgcc1                1:4.3.2-1         GCC support library
ii  libice6                2:1.0.4-1         X11 Inter-Client Exchange library
ii  libsm6                 2:1.0.3-2         X11 Session Management library
ii  libstdc++6             4.3.2-1           The GNU Standard C++ Library v3
ii  libx11-6               2:1.1.5-2         X11 client-side library
ii  libxext6               2:1.0.4-1         X11 miscellaneous extension librar
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

xvnc4viewer recommends no packages.

xvnc4viewer suggests no packages.

-- no debconf information

-- 
Computers are like air conditioners.  Both stop working, if you open
windows.
-- Adam Heath



--- End Message ---
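Added example (not part of the original report and not vnc4 code): one C helper that covers the two failure modes described in the report above, and goes a step further by also handling a leading NUL byte and an over-long line. The names read_line, read_from_bytes, demo_buf and the status codes are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; none of this is vnc4 code. */
enum line_status { LINE_OK, LINE_EOF, LINE_TOO_LONG };

/* Read one line into buf (capacity cap >= 2). Strips '\n' only when it is
 * present and leaves buf a valid C string on every path. */
enum line_status read_line(FILE *in, char *buf, size_t cap)
{
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';              /* EOF or error: never return garbage */
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* complete line */
        return LINE_OK;
    }
    if (len + 1 < cap)              /* no '\n' and room left: EOF ended the */
        return LINE_OK;             /* line, or a NUL byte cut strlen short */
    int c = fgetc(in);              /* buffer full: does the line continue? */
    if (c == EOF || c == '\n')
        return LINE_OK;             /* it fit exactly */
    while (c != EOF && c != '\n')   /* drain the tail so it is not taken */
        c = fgetc(in);              /* for the answer to the next prompt */
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

static char demo_buf[8];            /* small on purpose; the viewer uses 128 */
/* Demo helper: run read_line() over n constructed bytes via a temp file. */
enum line_status read_from_bytes(const char *data, size_t n)
{
    FILE *f = tmpfile();
    if (f == NULL) return LINE_EOF;
    memset(demo_buf, 'X', sizeof demo_buf);  /* mimic uninitialized memory */
    fwrite(data, 1, n, f);
    rewind(f);
    enum line_status st = read_line(f, demo_buf, sizeof demo_buf);
    fclose(f);
    return st;
}

int main(void)
{
    printf("%d \"%s\"\n", read_from_bytes("h:1", 3), demo_buf);
    return 0;
}
```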
--- Begin Message ---
Source: vnc4
Source-Version: 4.1.1+X4.3.0-36

We believe that the bug you reported is fixed in the latest version of
vnc4, which is due to be installed in the Debian FTP archive:

vnc4_4.1.1+X4.3.0-36.diff.gz
  to main/v/vnc4/vnc4_4.1.1+X4.3.0-36.diff.gz
vnc4_4.1.1+X4.3.0-36.dsc
  to main/v/vnc4/vnc4_4.1.1+X4.3.0-36.dsc
vnc4server_4.1.1+X4.3.0-36_i386.deb
  to main/v/vnc4/vnc4server_4.1.1+X4.3.0-36_i386.deb
xvnc4viewer_4.1.1+X4.3.0-36_i386.deb
  to main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-36_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ola Lundqvist <[email protected]> (supplier of updated vnc4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 21 Feb 2010 10:02:12 +0100
Source: vnc4
Binary: vnc4server xvnc4viewer
Architecture: source i386
Version: 4.1.1+X4.3.0-36
Distribution: unstable
Urgency: low
Maintainer: Ola Lundqvist <[email protected]>
Changed-By: Ola Lundqvist <[email protected]>
Description: 
 vnc4server - Virtual network computing server software
 xvnc4viewer - Virtual network computing client software for X
Closes: 509949
Changes: 
 vnc4 (4.1.1+X4.3.0-36) unstable; urgency=low
 .
   * Correction for use of uninitilized memory, closes: #509949. Thanks
     to Jö Fahlke <[email protected]> for the patch.
--- End Message ---
