summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Beier <dontmind@freeshell.org>2018-09-29 20:55:24 +0200
committerChristian Beier <dontmind@freeshell.org>2018-09-29 20:55:24 +0200
commit8b06f835e259652b0ff026898014fc7297ade858 (patch)
tree2b5d584451461f43152ef28cccdc0a9ed22c528e
parent5f3ea4e53d3a756864de4f6ceb6ab8068afff3c5 (diff)
downloadlibtdevnc-8b06f835e259652b0ff026898014fc7297ade858.tar.gz
libtdevnc-8b06f835e259652b0ff026898014fc7297ade858.zip
When connecting to a repeater, only send initialised string
Closes #253
-rw-r--r--examples/repeater.c10
-rw-r--r--libvncclient/rfbproto.c8
2 files changed, 14 insertions, 4 deletions
diff --git a/examples/repeater.c b/examples/repeater.c
index cf0350f..dbfa39e 100644
--- a/examples/repeater.c
+++ b/examples/repeater.c
@@ -12,6 +12,7 @@ int main(int argc,char** argv)
char *repeaterHost;
int repeaterPort, sock;
char id[250];
+ int idlen;
rfbClientPtr cl;
int i,j;
@@ -23,7 +24,12 @@ int main(int argc,char** argv)
"Usage: %s <id> <repeater-host> [<repeater-port>]\n", argv[0]);
exit(1);
}
- snprintf(id, sizeof(id) - 1, "ID:%s", argv[1]);
+ idlen = snprintf(id, sizeof(id) - 1, "ID:%s", argv[1]);
+ if(idlen < 0 || idlen >= (int)sizeof(id)) {
+ fprintf(stderr, "Error, given ID is probably too long.\n");
+ return 1;
+ }
+
repeaterHost = argv[2];
repeaterPort = argc < 4 ? 5500 : atoi(argv[3]);
@@ -48,7 +54,7 @@ int main(int argc,char** argv)
perror("connect to repeater");
return 1;
}
- if (write(sock, id, sizeof(id)) != sizeof(id)) {
+ if (write(sock, id, idlen+1) != idlen+1) {
perror("writing id");
return 1;
}
diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c
index e5373bc..669e388 100644
--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@@ -363,6 +363,7 @@ rfbBool ConnectToRFBRepeater(rfbClient* client,const char *repeaterHost, int rep
rfbProtocolVersionMsg pv;
int major,minor;
char tmphost[250];
+ int tmphostlen;
#ifdef LIBVNCSERVER_IPv6
client->sock = ConnectClientToTcpAddr6(repeaterHost, repeaterPort);
@@ -398,8 +399,11 @@ rfbBool ConnectToRFBRepeater(rfbClient* client,const char *repeaterHost, int rep
rfbClientLog("Connected to VNC repeater, using protocol version %d.%d\n", major, minor);
- snprintf(tmphost, sizeof(tmphost), "%s:%d", destHost, destPort);
- if (!WriteToRFBServer(client, tmphost, sizeof(tmphost)))
+ tmphostlen = snprintf(tmphost, sizeof(tmphost), "%s:%d", destHost, destPort);
+ if(tmphostlen < 0 || tmphostlen >= (int)sizeof(tmphost))
+ return FALSE; /* snprintf error or output truncated */
+
+ if (!WriteToRFBServer(client, tmphost, tmphostlen + 1))
return FALSE;
return TRUE;