diff options
author | Christian Beier <dontmind@freeshell.org> | 2018-09-29 20:55:24 +0200 |
---|---|---|
committer | Christian Beier <dontmind@freeshell.org> | 2018-09-29 20:55:24 +0200 |
commit | 8b06f835e259652b0ff026898014fc7297ade858 (patch) | |
tree | 2b5d584451461f43152ef28cccdc0a9ed22c528e | |
parent | 5f3ea4e53d3a756864de4f6ceb6ab8068afff3c5 (diff) | |
download | libtdevnc-8b06f835e259652b0ff026898014fc7297ade858.tar.gz libtdevnc-8b06f835e259652b0ff026898014fc7297ade858.zip |
When connecting to a repeater, only send initialised string
Closes #253
-rw-r--r-- | examples/repeater.c | 10 | ||||
-rw-r--r-- | libvncclient/rfbproto.c | 8 |
2 files changed, 14 insertions, 4 deletions
diff --git a/examples/repeater.c b/examples/repeater.c index cf0350f..dbfa39e 100644 --- a/examples/repeater.c +++ b/examples/repeater.c @@ -12,6 +12,7 @@ int main(int argc,char** argv) char *repeaterHost; int repeaterPort, sock; char id[250]; + int idlen; rfbClientPtr cl; int i,j; @@ -23,7 +24,12 @@ int main(int argc,char** argv) "Usage: %s <id> <repeater-host> [<repeater-port>]\n", argv[0]); exit(1); } - snprintf(id, sizeof(id) - 1, "ID:%s", argv[1]); + idlen = snprintf(id, sizeof(id) - 1, "ID:%s", argv[1]); + if(idlen < 0 || idlen >= (int)sizeof(id)) { + fprintf(stderr, "Error, given ID is probably too long.\n"); + return 1; + } + repeaterHost = argv[2]; repeaterPort = argc < 4 ? 5500 : atoi(argv[3]); @@ -48,7 +54,7 @@ int main(int argc,char** argv) perror("connect to repeater"); return 1; } - if (write(sock, id, sizeof(id)) != sizeof(id)) { + if (write(sock, id, idlen+1) != idlen+1) { perror("writing id"); return 1; } diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c index e5373bc..669e388 100644 --- a/libvncclient/rfbproto.c +++ b/libvncclient/rfbproto.c @@ -363,6 +363,7 @@ rfbBool ConnectToRFBRepeater(rfbClient* client,const char *repeaterHost, int rep rfbProtocolVersionMsg pv; int major,minor; char tmphost[250]; + int tmphostlen; #ifdef LIBVNCSERVER_IPv6 client->sock = ConnectClientToTcpAddr6(repeaterHost, repeaterPort); @@ -398,8 +399,11 @@ rfbBool ConnectToRFBRepeater(rfbClient* client,const char *repeaterHost, int rep rfbClientLog("Connected to VNC repeater, using protocol version %d.%d\n", major, minor); - snprintf(tmphost, sizeof(tmphost), "%s:%d", destHost, destPort); - if (!WriteToRFBServer(client, tmphost, sizeof(tmphost))) + tmphostlen = snprintf(tmphost, sizeof(tmphost), "%s:%d", destHost, destPort); + if(tmphostlen < 0 || tmphostlen >= (int)sizeof(tmphost)) + return FALSE; /* snprintf error or output truncated */ + + if (!WriteToRFBServer(client, tmphost, tmphostlen + 1)) return FALSE; return TRUE; |